The Open Compliance and Ethics Group (OCEG) recently published the 2019 OCEG GRC Technology Strategy Report.

Written by French Caldwell, who has been involved in the ‘GRC’ world as an analyst with Gartner and others for many years, it has some interesting content.

It also reminded me of the problem I have with so-called GRC solutions and platforms.


Let me start with the challenge of the acronym, GRC.


Before I can talk about technology for GRC, I need to explain my views on what GRC means.

I joke that it stands for Governance, Risk, and Confusion.


Because while everybody seems to be able to explain that the letters in GRC stand for Governance, Risk, and Compliance, very few can explain what the whole term means.

I credit (if that is the right word) Michael Rasmussen with inventing the term. While others (including Scott Mitchell, the Founder and Chairman of OCEG) have laid claim to it from time to time, Michael coined the term to describe the basket of functionalities in the software he was assessing and reporting on for Forrester Research.

Michael and I are two of the first three to be honored by OCEG as Fellows (along with Brian Barnier) for our thought leadership on GRC, and we both like OCEG’s definition of GRC. I think it’s the only definition that makes sense, with a practical and…


Обучение для риск менеджеров