Week 2 - Information Risk Management - GRC COBIT
Risk Management:
GRC & COBIT
By Kavinga Yapa Abeywardena
Sri Lanka Institute of Information Technology (SLIIT)
Governance, Risk Management,
Compliance (GRC)
• An ‘umbrella term’ that covers these three areas
of enterprise activity (not just IT)
• Constantly reviewed and analysed to enhance
the organisation's performance and the efficient
delivery of stakeholder needs
• GRC activities are typically based on principles,
policies, models, frameworks, organisational
structures, etc.
Governance, Risk Management,
Compliance (GRC)
• Governance: Exercise of authority; control;
government; arrangement.
• Risk (management): Hazard; danger; peril;
exposure to loss, injury, or destruction (The act
or art of managing; the manner of treating,
directing, carrying on, or using, for a purpose;
conduct; administration; guidance; control)
• Compliance: The act of complying; a yielding, as
to a desire, demand, or proposal; concession;
submission
Webster’s Online Dictionary
Governance, Risk Management,
Compliance (GRC)
Simpler Definitions
• http://www.isaca.org/COBIT/Pages/Recognition.aspx