Governance Risk and Compliance (GRC)
Corporate risk management is a process carried out by an entity’s board of directors, management and staff. It is applied in defining strategy and throughout the company, and is designed to identify potential events that may affect the organization and to manage its risks within the accepted level of risk, providing reasonable assurance about the achievement of objectives.
Integrated Risk Management is a unified “model/philosophy” of oversight and control of the organization’s governance, risk and compliance, supported by integrated management processes and techniques.
GRC stands for Governance Risk and Compliance.
Governance is the framework in which the values, culture, policies, processes and standards of management and other members of the organization are determined. The idea is to create a philosophy that accompanies the entire company in its day-to-day management.
Risk is a process led by the Board of Directors, management and employees that involves all lines of defense in the organization. It identifies potential events that may affect the organization and provides reasonable assurance about the achievement of objectives.
Compliance: in today’s environment, where regulatory requirements and best practice frameworks are constantly evolving, “minimum compliance” is no longer sufficient. The areas of supervision and control must promote efficient compliance and anticipate expected changes in the medium term. Failure to monitor these aspects can have very serious consequences, even endangering the survival of the organization.