Phy-gital Roundtable: Breakfast Roundup from Germany and Netherlands

02 May '15 | Debjyoti Paul

German Shoppers: Meet Them in the Fast Lane to Phy-gital

15 January '15 | Ralf Reich

Shoppers Will Share Personal Information (But They Don’t Want to be “Friends”)

15 January '15 | Anil Venkat

Modernize or Perish: Property and Casualty Insurers and IT Solutions

14 January '15 | Manesh Rajendran

Benelux Reaches the Phy-gital Tipping Point: Omnichannel Readiness is Crucial

13 January '15 | Anil Gandharve

The New Omnichannel Dynamic: Finding Core Principles Across Industries

13 January '15 | Debjyoti Paul

Technology does not disrupt business – CIO day 2014 Roundup

02 December '14 | Anshuman Singh

Apple Pay – The Best Is Yet To Come

02 December '14 | Indy Sawhney

Digital transformation is a business transformation enabled by technology

01 December '14 | Amit Varma

3 Stages of FATCA Testing and Quality Assurance

06 October '14 | Raman Suprajarama

3 Reasons why Apple Pay could dominate the payments space

18 September '14 | Gaurav Johri

Beacon of Hope: Serving Growth and Customer Satisfaction

05 August '14 | Debjyoti Paul

The Dos and Don’ts of Emerging Technologies Like iBeacon

30 July '14 | Debjyoti Paul

What You Sold Us On – eCommerce Award Finalist Selections

17 July '14 | Anshuman Singh

3 Steps to Getting Started with Microsoft Azure Cloud Services

04 June '14 | Koushik Ramani

8 Steps to Building a Successful Self Service Portal

03 June '14 | Giridhar LV

Innovation outsourced – a myth or a mirage or a truth staring at us?

13 January '14 | Ramesh Hosahalli

What does a mobile user want?

03 January '14 | Gopikrishna Aravindan

Governance, Risk, and Compliance – Simplified

Posted on: 24 January '11

Think GRC is a complicated term and as nebulous as say, the Cloud? Well, think again! You may not have to go too far to understand what it is, as long as the context is clear. Let me simplify this for you.

GRC or Governance, Risk and Compliance, quite simply, represents your own nuclear family. Comprising of a father, a mother and children, it is the umbrella term that denotes family. Just like the inherent cohesiveness within a family, it is incumbent upon and imperative for corporates to inculcate cohesiveness for implementing organizational Security and Governance.

Governance – This used to be your Daddy, but in a changed world with gender equity becoming the norm, it could be your Mommy as well. He or she lays out the rules (overall management approach) and expects that someone senior (deputed in their absence) enforces them (management processes). These are your professors, teachers and tutors. Your parents may leave home for work in the morning but the expectation is that you will do your homework, eat your veggies and turn in no later than 9 p.m. These are the rules of engagement.

Risk Management – This could be your mother’s role. She interprets Daddy’s governance, but chances are that there are quite a few chinks in the armor, which she needs to manage before he gets home, on a day to day basis. Most of them would have to do with the child’s indiscretions.

Risk – This is the teenager who could very well be a rebel without a cause and whom the mother needs to manage.

Compliance – These are the rules or stated requirements of the house, which one has to conform to. When you’re out of compliance, you will be held accountable by your parents, will have to fess up and mend your ways. At an organizational level, it is achieved through management processes which identify applicable requirements. At your home, the potential costs of non-compliance, for instance, are gauged against qualitative measures and projected expenses; and any corrective actions are taken into consideration. For example, your mobile bill just shot through the roof or your Internet downloads and video streaming caused a hole in the family wallet. What’s the result? Severe curtailing of your privileges!

Just as the practical workings within a family are mostly qualitative in nature, so is the dearth of detailed scientific research on GRC today. The family, therefore, provides adequate context for the interplay between Security Governance, Risk Management and Compliance.

Mindtree Blog Archives

Mindtree blog Archives are a collection of blogs by various authors who have independently contributed as thought leaders in the past. We may or may not be in a position to get the authors to respond to your comments.

  • Geetha

    Dear Mr. Benegal,

    Thank you for this lucid and strikingly simple explanation for GRC!

    Thanks and regards,


  • Gopi

    Made a wonderful read! Well written Benny. Using a simple and familiar context to explain a equally relevant and sophisticated topic is a genius!