Internal Control System

GRC, Regulations and Compliance

Suffering from GRC Confusion?

The terms GRC, compliance and regulations alone are enough to cause confusion. Add things like SOX, ISO, PCI, HIPAA and it gets worse. Read an expert report that talks about magic quadrants and other weird and wonderful names and you might have more information, but you won’t necessarily have a better picture of what software solution will make your life better. The paragraphs below might help.

Q: What is GRC?
A: GRC stands for governance, risk management and compliance.

Q: What is Governance?
A: Governance is managing an organization well.

Q: What is Risk Management?
A: Risk management is being aware of potential events that could harm your organization and taking action to reduce the likelihood of them occurring and/or reduce their potential damage if they do.

Q: What is Compliance?
A: Compliance is meeting the requirements laid down in a regulation, law, standard or other ruling. Some of these mention the need to handle risk and some mention the need to implement internal controls.

Q: What are Internal Control and Internal Controls?
A: Internal control is the overall process of being in control of the activity going on in an organization. Internal controls are specific processes, rules or actions that are performed or implemented in an organization to ensure the correct operation of the organization, and therefore they are a means of achieving internal control. This 'correct operation' includes, among other things, reducing and mitigating risks, so internal controls are very important in risk management.

Q: Is Objective Controls a GRC software solution?
A: Yes, it is. However, it addresses only the part of GRC that is concerned with risk management and implementation of internal controls. Those are important aspects of GRC and Objective Controls handles them wonderfully, but it’s not a solution for ‘everything GRC’, e.g. specific regulations like SOX, or industry standards like PCI-DSS. If you want a software system that does 'everything GRC', there are other solutions that claim to do this. But if you just want easy and comprehensive risk management, and/or a way to implement internal controls, you’re in the right place.

Find out how Objective Controls can help you achieve operational, reporting and compliance objectives