Governance, Risk and Compliance (GRC) represents a business-oriented approach to establishing ownership and accountability throughout the organization in order to improve decision making. Establishing a GRC program within an organization is not a simple task. It is also not a new concept: companies have been focused on improving compliance and managing risk for years. Because GRC programs have many moving parts, organizations are implementing an overarching vision of how those parts fit together to maximize value. This vision should not only clarify the objectives of a GRC program, but also give context to how the organization executes this strategic initiative.
The RSA GRC Reference Architecture provides a simple illustration that brings context to discussions related to GRC. The Architecture can serve as a backdrop while an organization plans its strategy and delivers the core value message to executives, or simply as a way to start the dialogue. GRC is a complex topic, and while no single illustration will sum up every facet of the effort, the GRC Reference Architecture provides a foundation on which to drive the conversation. This white paper is a primer on the RSA GRC Reference Architecture, the GRC Guiding Principles and the Objectives of a GRC Program.
This paper is published by the GRC Strategy team at RSA Archer in collaboration with members from the RSA Archer Customer Advisory Council.