Good post to read over at the Burton Blog. A snippet:

Of course, the elements of G, R, C are not dead. Governing, managing risk, and responding to compliance obligations are ongoing and critical organizational tasks. The problem is conflating them into a single term. As Burton Group is inclined to say, GRC is a four-letter word that shouldn’t be spoken among polite company. Each function is deserving of its own, complete, and separate word. There’s no organization in which compliance activities, risk management, and executive governance are rolled into a single person, group, or tool. No sense creating an acronym that implies it.

My favorite part. One of those things I’m jealous I didn’t put into writing first:

If everything is “GRC,” then nothing is.

Amen.

Share: