Published: 04 August 2014
Many large organizations have recognized value in developing a holistic view of risk and compliance through the use of governance, risk and compliance (GRC) solution. Embracing GRC in this manner enables organizations to address technology risks from a business perspective through alignment of the business andinformation technology (IT), resulting in a "to p-down approach."
In practice, GRC solutions are often marketed towards - and thus, typically are introduced by - security or IT teams. However, other groups in the business, such as compliance, operations, finance, legal and human resources, also have found these solutions to be of great value. These business partners typically have very distinct functions with ambiguous lines of communication and knowledge-sharing capabilities. Because GRC solutions provide a means of sharing and formalizing relevant information, they help to bridge knowledge
gaps between "silos" in the organization.