While reading the book “Managing the Risk of Fraud and Misconduct: Meeting the Challenges of a Global, Regulated and Digital Environment” (McGraw-Hill, 2011), I came across an official rundown of what an effective governance, risk management and compliance (GRC) framework should accomplish, according to co-authors Timothy Hedley and Richard Girgenti:

• Protect and enhance business value by fostering a risk aware culture, support informed decision-making, and address multiple compliance and assurance layers;


• Enhance operational efficiency by rationalizing risk management, controls, and assurance structures and processes, as well as intelligent use of IT and data management structures;


• Provide a proactive and dynamic approach by enabling the organization to more quickly, consistently, and efficiently respond to challenges arising from evolving risk profiles and rapidly changing regulatory requirements; and


• Support a linkage to strategy by enabling the organization to meet compliance objectives while improving performance to be use of an integrated framework and support the strategic objectives.