Importance of Governance, Risk and Compliance (GRC)

by Swapnil Bora, Practice Lead

Governance, risk and compliance management has never been more important, owing to the complex nature of business models and operations across the organization. An organization always faces the risk that it will be found in violation of one or another of multiple laws and regulations. A lack of adequate risk and compliance management, and of a governance mechanism around it, exposes any organization to multiple risks.

In recent years, we have observed that the cost of incidents or mistakes has had an immense impact on organizations' reputations. Take the example of a Japanese company called Takata, which manufactured car air bags. The air bags installed by Takata were dangerously faulty, which in turn led to the recall of a huge number of cars from the market. As of May 19, 2015, Takata is responsible for the largest auto recall in history.

Additionally, regulatory non-compliance has also proven to impact organizations, especially where huge financial penalties or revocation of licenses are involved. The data privacy regulation in Europe, the General Data Protection Regulation (GDPR), is a prime example. If a company or any one of its third parties breaches the data of a European citizen, the company will face a fine of 4% of annual global revenue or €20 million, whichever is greater, for violation of certain sections of the regulation. There is also a fine of 2% of annual global revenue or €10 million, whichever is greater, for violation of the remaining sections of the regulation.

Faulty or disruptive business models also contribute to the downfall or reduced growth of an organization. For example, Uber paid a hacker $100,000 to keep quiet after he managed to get his hands on the personal data of 57 million users. However, this breach has been just a small blip of concern compared to some of the larger issues related to poor corporate culture, harassment, and mistreatment of drivers as executives focused solely on aggressive growth.

With the increase in complex business models and operations, organizations are moving towards automated tools to manage their risk and compliance and to implement governance around it. A study of governance, risk and compliance platforms conducted by Forrester offers valuable insight into the best available solution providers, to help risk management professionals make the right decision. The study places MetricStream, SAI Global, LogicManager, Nasdaq, Riskonnect, Rsam and SAP’s GRC at the forefront of GRC solution providers, as “Leaders”. The “Leaders” are followed by the “Strong Performers”, which comprise Enablon, ACL’s GRC, RSA Archer, IBM and NAVEX Global. Finally, the “Strong Performers” are followed by the “Contenders”, which comprise two GRC solution providers, ServiceNow and Thomson Reuters’ GRC. The GRC applications were assessed on three criteria: current offering, strategy and market presence.

The use of automated tools helps an organization to be efficient; however, it is important to have the understanding and mindset needed for GRC to be incorporated. GRC needs to be acknowledged as a critical aspect of any organization’s growth.


* Isidore, Chris; Marsh, Rene (May 19, 2015). “Airbag maker Takata announces largest auto recall ever”. CNNMoney. Retrieved May 21, 2015.
* Article 83, GDPR (
* Dell Cameron, “The Great Data Breach Disasters of 2017,” Gizmodo, December 27, 2017 (https://gizmodo.com/the-great-data-breach-disasters-of-2017-1821582178).
* Renee Murphy and Claire O’Malley, “The Forrester Wave: Governance, Risk, And Compliance Platforms, Q1 2018”, February 15, 2018, Forrester.

7 Replies to “Importance of Governance, Risk and Compliance (GRC)”

  1. I comment each time I appreciate a post on a site or I have something to add to the conversation. Usually it’s a result of the passion displayed in the article I read. And on this article Importance of Governance, Risk and Compliance (GRC). I was actually moved enough to drop a thought 😛 I do have a couple of questions for you if you usually do not mind. Is it just me or do a few of these responses appear like coming from brain dead folks? 😛 And, if you are posting at additional social sites, I’d like to keep up with anything new you have to post. Would you make a list the complete urls of all your public pages like your twitter feed, Facebook page or linkedin profile?

  2. I would like to thank you for the efforts you have put in writing this web site. I’m hoping the same high-grade web site post from you in the upcoming as well. In fact your creative writing skills has encouraged me to get my own website now. Actually the blogging is spreading its wings quickly. Your write up is a great example of it.

  3. It really is best time and energy to come up with a several options in the future and it’s time and energy to be very glad.. video youtube terbaru We have check this out set up of course, if I may only I need to advocate you actually several exciting difficulties or perhaps ideas. You could publish up coming posts in regards to this post. I actually need to find out much more problems concerning this!
