What are the Critical Disciplines?

GRC isn't about a single discipline, profession or role. It requires collaboration between the "Critical Disciplines". After decades of research, our members have defined the best ways to help people like you work together.

GRC is an interdisciplinary endeavor that requires a diverse set of skills in your organization or on your team.

Critical Disciplines

Each discipline has areas where it excels and areas where it can learn from other disciplines.

When disciplines are fragmented and separate, we see problems. When they are integrated, they work together to achieve Principled Performance.

As professionals, we must collaborate and help our organizations achieve Principled Performance. And, in the process, we actually upgrade our own skills as well!

Governance & Oversight Discipline

The governance and oversight discipline addresses the way we constrain and conscribe activities of the organization or some part of it:

  • Set direction
  • Identify and establish boundaries
  • Allocate authority
  • Authorize performance, risk, and compliance systems
  • Shape a culture of integrity

Strategy & Performance Discipline

The strategy and performance discipline addresses the way we set objectives and key results, and how we map strategies and tactics to address opportunities, obstacles, and obligations:

  • Set objectives and key results
  • Identify opportunities, obstacles, and obligations
  • Align strategies and tactics
  • Manage performance, risk, and compliance systems

Risk & Decision Support Discipline

The risk and decision support discipline addresses the way we approach uncertainty and make sound decisions:

  • Identify risks
  • Assess risks
  • Address risks
  • Measure and monitor risks
  • Use decision science and support techniques

Compliance & Ethics Discipline

The compliance and ethics discipline includes the way we address obligations and the risks associated with both mandatory and voluntary boundaries:

  • Identify mandatory obligations
  • Identify and formalize voluntary obligations
  • Assess compliance and ethics risk
  • Set policy and procedures
  • Educate and communicate with the workforce
  • Inspire and shape an ethical culture

Security & Continuity Discipline

The security and continuity discipline addresses the way we approach significant risks and crises, especially those areas of the organization prone to attack or existential consequences:

  • Identify critical physical and digital assets
  • Assess related risks
  • Address related risks
  • Measure and monitor related risks
  • Use scenario planning and simulation to practice response
  • Perform crisis response when appropriate

Audit & Assurance Discipline

The audit and assurance discipline addresses the way we enhance internal and external stakeholders’ confidence that the organization is designed and operating effectively to reliably achieve objectives, address uncertainty, and act with integrity:

  • Prioritize assurance activities
  • Plan, perform, report, and monitor assessments
  • Use design and substantive testing techniques
  • Communicate with stakeholders and management to evaluate and enhance confidence