Governance, Risk & Compliance

The acronym GRC derives from the need for an integrated approach to governance, risk management and compliance. OCEG, the nonprofit think tank that publishes the GRC Capability Model, describes GRC as a set of integrated capabilities for the governance, management and assurance of performance, risk and compliance. OCEG also establishes GRC capabilities as necessary to attain "Principled Performance", which is defined by OCEG as the ability to achieve objectives while addressing uncertainty and acting with integrity. Learn more about GRC and Principled Performance here.