EXECUTIVE SUMMARY
Implementing GRC in your company can be difficult, but a new model will help you unify enterprise-wide information to smooth processes, manage risk, and improve performance, among other things.
Many public and private organizations are implementing and integrating governance, risk, and compliance frameworks across multiple industries and sectors. To provide uniformity and continuity throughout an organization, these enterprise-wide frameworks place governance, risk, and compliance activities under one overarching umbrella known as GRC. These efforts are integrated strategically across an organization.
As with any new strategic initiative, however, there are difficulties in presenting and tracking the initiative's maturity as the company implements it. Key stakeholders need to know that the initiative adds value and improves the organization as it matures during its life cycle. GRC integration is also experiencing this same challenge with a similar pattern of frustration and concern. Organizations are looking for timely and practical ways to better communicate and articulate what GRC means from an organizational alignment perspective and the value and success realized during its service life cycle.
This article introduces a new GRC Conceptual Foundation Model(TM) that establishes a more timely view or snapshot of the GRC framework for presentation to key stakeholders and to those who do not practice GRC. It also will highlight how a company can use this conceptual foundation economically as a basis to measure and guide success in integrating GRC.
Before I introduce the model, I will present the accepted GRC general knowledge of professional organizations and industry professionals.
Overview of GRC
A critical business concept, GRC integrates a risk-based management approach that is proactive and effective and that can be used throughout an organization. It provides organizations with a uniform view of information so they can align risk management with objectives, reduce complexity, diminish inconsistencies, and harness technology for desired outcomes. Not a replacement for internal control or compliance testing, GRC goes well beyond testing to create a comprehensive framework for managing risk and improving performance. It organizes risk management efforts rather than duplicating them, which reduces overall operating costs and assists in creating a more risk-intelligent organization.
Risk management professionals know that organizations worldwide have been facing unprecedented pressure...





