Overview#Governance, Risk, and Compliance (GRC) is an increasingly recognized term that reflects a new way organizations focus on and manage an integrated approach to these three areas.
According to Michael Rasmussen, a well regarded industry analyst at Forrester Research, the challenge in defining GRC is that individually each term has "many different meanings within organizations. There is corporate governance, IT governance, financial risk, strategic risk, operational risk, IT risk, corporate compliance, Sarbanes-Oxley Act (SOX) compliance, employment/labor compliance, privacy compliance . . . you get the picture."