GRC Glossary

Assess
verb

To identify threats, opportunities and requirements; evaluate the level of risk, reward and conformance; and align an approach to reliably achieve objectives while addressing uncertainty and acting with integrity.

Assurance
noun

The act of objectively evaluating an entity, process or resource using suitable criteria.

Assurance Actions & Controls
noun

Actions and controls that help objectively evaluate an entity, process or resource.

Board
noun

The corporate board of directors, or any other oversight authority for the organization.

Coincident Indicator
noun

An indicator that accurately represents current activity.

Communication
noun

Delivers relevant, reliable, and timely information to the right audiences as required by mandates or as needed to perform responsibilities and effectively shape attitudes.

Competence
noun

The combination of knowledge, skills and behavior that enables an individual to do their job.

Compliance
noun

The state of being able to prove the fulfillment of a requirement.

Compliance culture
noun

Includes the values, beliefs and behaviors about the governance, assurance and management of compliance, including: identifying compliance requirements; views about the impact of compliance on conduct and decisions; and modeling of appropriate and compliant behavior.

Condition
noun

A state of being that has a desirable or undesirable effect (or both) on objectives.

Corporate Governance

The act of externally directing, controlling and evaluating a corporation.

Corrective Actions & Controls

Remediate the consequences of undesirable conditions or events that have occurred; and reduce the ongoing likelihood, impact and velocity of additional undesirable conditions, events and effects.

Criteria
noun (plural)

Standards against which evaluation or decisions are based.

Culture
noun

Includes the values, beliefs and behaviors characteristic of an entity.

Detect
verb

To identify ongoing progress toward objectives, as well as actual and potential undesirable conditions and events, using management actions and controls.

Detective Actions & Controls

Detect the actual or potential occurrence of desirable and undesirable conditions and events.

Effect
noun

A measure of the likelihood, timing and impact of an event on something.

Embed
verb

To build the ways and means of governance, performance, risk, control, compliance and ethics capabilities into other business processes.

Entity
noun

Any individual or collection of individuals such as a team, group, organization or company.

Ethical culture

Includes the values, beliefs and behaviors about responsible behavior and integrity.

Evaluate
verb

To measure something against criteria.

Event
noun

An observable action, occurrence, or a change in condition.

A change in knowledge about a condition, even if the condition did not change.

Extended Enterprise

Includes the entity and its network of suppliers and business partners.

Forces
noun/verb

Drive events, conditions and requirements that affect the achievement of objectives.

Governance
noun

The act of externally directing, controlling and evaluating an entity, process or resource.

Governance Actions & Controls

Help externally direct, control and evaluate an entity, process or resource.

Governance Culture

Includes the values, beliefs and behaviors about how processes, resources and the organization itself are externally directed, controlled and evaluated, including: the involvement of the board of directors; how power and decision-making authority is allocated; and the responsiveness to stakeholders.

GRC

The integrated collection of capabilities that enable an organization to reliably achieve objectives while addressing uncertainty and acting with integrity. It encompasses the governance, assurance and management of performance, risk, and compliance.

GRC Capability

A capability that enables an organization to reliably achieve objectives while addressing uncertainty and acting with integrity, including the governance, assurance and management of performance, risk and compliance.

GRC Roles

Any role that is primarily charged with the governance, assurance or management of performance, risk and compliance.

Helpline
noun

A live or on-demand channel for individuals to ask questions before or while they are engaging in a task.

Impact
noun

A measure of how an entity or its objectives are affected.

Indicator
noun

A metric that can be used to judge underlying activity.

Information Management

Implements and manages information so that the information each capability depends on is relevant, reliable, timely, secure and available.

Inherent Risk

The level of risk in the absence of actions and controls.

Inquiry
noun

Periodic solicitation of input to understand perceptions about the governance, assurance and management of performance, risk and compliance, and about the occurrence of undesirable events and activities.

Integrate
verb

To organize separate parts to provide a coordinated harmonious whole.

Integrated Support

Provides “just-in-time” advice and education to individuals while they are performing a task.

Integrity
noun (of an object or system)

The state of being whole and complete.

noun (of a person or organization)

The keeping and honoring of promises.

Lagging Indicator
noun

An indicator that records past activity.

Leading Indicator
noun

An indicator that predicts future activity.

Likelihood
noun

A measure of the chance of an event occurring.

Likelihood (Mathematical)
noun

In statistics, the probability of an outcome that has already been observed under a hypothesized model or parameter value; it is used to compare hypotheses against data already in hand rather than to predict future events.

Management
noun

The act of internally directing, controlling and evaluating an entity, process or resource.

Management Actions

Decisions, processes and use of associated resources which increase the likelihood that objectives are achieved.

Management Actions & Controls

Help internally direct, control and evaluate an entity, process or resource.

Management Culture
noun

Includes the values, beliefs and behaviors about how processes, resources and the organization itself are internally directed, controlled and evaluated including: the way authority is delegated; the degree to which management is centralized and decentralized; and how individuals and teams are enabled and inspired.

Measure
verb

To reduce the uncertainty of a value using a standardized unit of measure.

noun

A value or a metric.

Metric
noun

A single value obtained by direct measurement, or calculated using several other constituent values.

Mission
noun

States what the organization will achieve.

Negative Effect
noun (when dealing with a future event)

A measure, expressed as a function of the likelihood that an event may occur, how fast the event may impact objectives and the estimated negative impact that an event may have on objectives.

noun (when dealing with a past event)

A measure of the negative impact that an event had on objectives.

Nominal Scale
noun

A scale on which information is displayed in categories without any specific order.

Notification
noun

Provides multiple pathways to report the actual or potential occurrence of undesirable conditions, events and conduct; as well as the occurrence of desirable events.

Objective
noun

Something that an entity intends to attain or accomplish.

Opportunity
noun

An event that has, on balance, a desirable effect on achieving objectives.

Orchestrate
verb

To coordinate the ways and means of governance, performance, risk, control and compliance capabilities so that they work together.

Ordinal Scale
noun

A scale on which information is ranked in order of magnitude, without a standard unit for measuring the differences between ranks.

Performance Culture
noun

Includes the values, beliefs and behaviors about the governance, assurance and management of performance, including: setting objectives and indicators of performance; enabling and evaluating performance; and how individual and team performance is recognized.

Performance Management

The act of managing processes and resources to pursue reward while also addressing risk.

Planned Performance
noun

The level of reward that the organization expects to gain once planned actions and controls are operating.

Policy
noun

Provides the “why;” is high level and strategic; sets the tone, context or intent; and changes infrequently.

Principled Performance
noun

The act of reliably achieving objectives while addressing uncertainty and acting with integrity.

Proact
verb

Proactively incent desirable conditions and events; and prevent undesirable conditions and events with management actions and controls.

Proactive Actions & Controls

Proactively incentivize desirable conditions or events, and prevent undesirable ones.

Probability
noun

A measure of the chance that an event (or set of events) will occur expressed on a linear scale from 0 (impossibility) to 1 (certainty).

Procedure
noun

Provides the “how to” of policies and guides their implementation; is audience-specific; provides exact instructions intended to ensure compliance with a given policy.

Process
noun

A sequence of interdependent and linked procedures which consume one or more resources to convert inputs into outputs.

Qualitative Impact
noun

An impact, often expressed using an ordinal or nominal scale.

Quantitative Impact
noun

A positive or negative effect on financial assets, tangible assets, intangible assets, business continuity, and health and safety, expressed in measurable units.

Requirement
noun

Something that an entity must address as a result of making a promise.

Residual Risk

The level of risk that remains after actions and controls are in place.

Resource
noun

A useful asset that can be used to achieve objectives such as capital, people, technology, facilities and information.

Respond
verb

To reward desirable conditions and events; and to correct undesirable conditions and events so that the organization recovers from and resolves each immediate issue and improves future performance.

Responsive Actions & Controls

Reward desirable conditions or events, and correct undesirable ones.

Retention
noun

The use of internal funds to finance risk.

Rewarding Actions & Controls

Recognize desirable conduct, and encourage similar conduct in the future.

Risk
noun

A measure of the negative effect of uncertainty on achieving objectives.

A measure of the likelihood that an event may occur, how fast the event may impact the entity, and the estimated negative impact that an event may have on objectives.

Risk Analysis Criteria

Quantitative or qualitative values against which the level of risk is evaluated.

Risk Appetite

The level of risk that the organization is willing to accept to achieve objectives.

Risk Capacity
noun

The maximum level of risk that the organization is able to address.

Risk Culture
noun

Includes the values, beliefs and behaviors about the governance, assurance and management of risk including: setting risk appetite and tolerances; views about impact of risk on conduct and decisions; and modeling of appropriate risk-taking behavior.

Risk Financing
noun

Provides funds to reduce the financial impact of undesirable effects experienced by an organization.

Risk Management
noun

The act of managing processes and resources to address risk while pursuing reward.

Risk Tolerance
noun

The level of risk that the organization is unwilling to exceed in pursuit of its objectives.
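The risk terms in this glossary (risk as a function of likelihood, impact and velocity; inherent versus residual risk; appetite, tolerance and capacity) can be exercised with a small risk register. The Python below is an added example, not code from the glossary or from its publisher. Everything beyond the glossary definitions is an assumption made for the illustration: controls reduce likelihood or impact by a multiplicative factor, velocity is encoded as the fraction of the impact felt before a response can take hold, impact is expressed in thousands of dollars, and the register entries and criteria are constructed sample data.

```python
from dataclasses import dataclass
from typing import Tuple

# Classification labels, ordered from best to worst.
WITHIN_APPETITE = "within appetite"
EXCEEDS_APPETITE = "exceeds appetite"      # acceptable only with explicit sign-off or treatment
EXCEEDS_TOLERANCE = "exceeds tolerance"    # must be reduced; not to be accepted
EXCEEDS_CAPACITY = "exceeds capacity"      # beyond what the organisation can absorb at all


@dataclass(frozen=True)
class Control:
    """An action or control. Multiplicative reduction factors are an assumption
    of this example: 0.2 means 'reduces to 20% of the uncontrolled value'."""
    name: str
    likelihood_factor: float = 1.0
    impact_factor: float = 1.0

    def __post_init__(self):
        for f in (self.likelihood_factor, self.impact_factor):
            if not 0.0 <= f <= 1.0:
                raise ValueError(f"{self.name}: factors must lie in [0, 1]")


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float   # probability of the event within the period, 0..1 (glossary: Probability)
    impact: float       # estimated negative impact on objectives; assumed unit: thousands of USD
    velocity: float     # assumed encoding: fraction of impact felt before a response takes effect, 0..1
    controls: Tuple[Control, ...] = ()

    def __post_init__(self):
        if not 0.0 <= self.likelihood <= 1.0 or not 0.0 <= self.velocity <= 1.0:
            raise ValueError(f"{self.name}: likelihood and velocity must lie in [0, 1]")
        if self.impact < 0:
            raise ValueError(f"{self.name}: impact must be non-negative")


@dataclass(frozen=True)
class RiskCriteria:
    """Appetite, tolerance and capacity as defined in the glossary. They only make
    sense as a monotone ladder, so the constructor enforces that ordering."""
    appetite: float
    tolerance: float
    capacity: float

    def __post_init__(self):
        if not 0.0 <= self.appetite <= self.tolerance <= self.capacity:
            raise ValueError("expected 0 <= appetite <= tolerance <= capacity")


def negative_effect(likelihood: float, impact: float, velocity: float) -> float:
    """Risk level as a function of likelihood, impact and velocity (assumed: their product)."""
    return likelihood * impact * velocity


def inherent_risk(r: Risk) -> float:
    """Level of risk in the absence of actions and controls."""
    return negative_effect(r.likelihood, r.impact, r.velocity)


def residual_risk(r: Risk) -> float:
    """Level of risk after the listed controls are applied."""
    lik, imp = r.likelihood, r.impact
    for c in r.controls:
        lik *= c.likelihood_factor
        imp *= c.impact_factor
    return negative_effect(lik, imp, r.velocity)


def classify(level: float, c: RiskCriteria) -> str:
    if level <= c.appetite:
        return WITHIN_APPETITE
    if level <= c.tolerance:
        return EXCEEDS_APPETITE
    if level <= c.capacity:
        return EXCEEDS_TOLERANCE
    return EXCEEDS_CAPACITY


def summarise(register, c: RiskCriteria):
    """One row per risk: (name, inherent, residual, status of the residual)."""
    return [(r.name, inherent_risk(r), residual_risk(r), classify(residual_risk(r), c))
            for r in register]


# Constructed sample register and criteria (not real figures).
CRITERIA = RiskCriteria(appetite=50.0, tolerance=150.0, capacity=1000.0)
REGISTER = (
    Risk("Credential stuffing against customer portal", likelihood=0.6, impact=800.0, velocity=0.9,
         controls=(Control("MFA on all customer logins", likelihood_factor=0.2),
                   Control("Login rate limiting", likelihood_factor=0.7),
                   Control("Account-takeover monitoring and response", impact_factor=0.6))),
    Risk("Critical SaaS vendor outage", likelihood=0.3, impact=400.0, velocity=0.5),
)

if __name__ == "__main__":
    for name, inh, res, status in summarise(REGISTER, CRITERIA):
        print(f"{name}: inherent={inh:.1f} residual={res:.1f} -> {status}")
```

Run as a script it prints one line per risk. The first risk sits above tolerance inherently and drops within appetite once its three controls are counted; the second has no controls, so inherent and residual coincide and it lands above appetite but within tolerance, which is exactly the band where a GRC function would expect a documented accept-or-treat decision.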

Stakeholder
noun

A person, group or organization that has a direct or indirect stake in an organization because it can affect or be affected by the organization’s actions, objectives and policies.

Target
noun

A measurable value that an entity strives to achieve.

Threat
noun

An event that has, on balance, an undesirable effect on achieving objectives.

Timing
noun

An estimate of when something may happen.

Tolerance
noun

The acceptable level of departure from a target.

Transfer
verb

To finance risk with external funds.

Uncertainty
noun

The state of being unable to completely predict; determine; or define something.

Values
noun

State what the organization stands for and guide the conduct of both individuals and the organization as a whole.

Velocity
noun

A measure of how quickly an entity is impacted once an event occurs.

Vision
noun

States what the organization will be.

Workforce
noun

Includes the people who operate the organization, at all levels.