- Date: December 21, 2009
- Source: WWW.OPRISKANDCOMPLIANCE.COM, Thomson Reuters
Abstract: Although governance, risk and compliance are separate factors, each has significance for, relevance to and influence on the others. Governance is the umbrella term used to describe the overall framework through which senior executive management ensures that the organization follows appropriate processes and policies to meet the required standards. Risk Management is the process through which an organization identifies and resolves the gap between the current operational standards and the required operational standards. Compliance is the process that records and monitors the controls, be they physical, logical or organisational, needed to enable compliance with legislative or industry mandates as well as internal policies. Governance, Risk, and Compliance are highly related but distinct activities that solve different problems for different sets of constituents of an organization. Convergence, or risk convergence, refers to the methodology offered by consulting organizations which brings together the efforts of risk and control assessment groups. GRC convergence is achieved when all assessment groups come to a consensus on the tools, practices, frameworks, common languages and software tools to assist in assessment and reporting. There is no mandated path to achieving complete convergence, but following best practices can help in realising the desired results.