====== GRC ====== ===== Governance, Risk Management and Compliance ===== **Governance** is the responsibility of senior executive management and focuses on creating organizational transparency by defining the mechanisms an organization uses to ensure that its constituents follow established processes and policies. A proper governance strategy implements systems to monitor and record current business activity, takes steps to ensure compliance with agreed policies, and provides for corrective action in cases where the rules have been ignored or misconstrued. **Risk Management** is the process by which an organization sets the risk tolerance, identifies potential risks and prioritizes the tolerance for risk based on the organization’s business objectives. Risk Management leverages internal controls to manage and mitigate risk throughout the organization. **Compliance** is the process that records and monitors the controls, be they physical, logical or organisational, needed to enable compliance with legislative or industry mandates as well as internal policies. * http://en.wikipedia.org/wiki/Governance,_Risk_Management,_and_Compliance * [[http://www.oceg.org|Open Compliance and Ethics Group (OCEG)]] * [[http://www.legalgrc.org|Legal GRC Center for Innovation (LGRC)]]