Risk and compliance may refer to:
An audit is a systematic and independent examination of books, accounts, statutory records, documents and vouchers of an organization to ascertain how far the financial statements as well as non-financial disclosures present a true and fair view of the concern. It also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditing has become such a ubiquitous phenomenon in the corporate and the public sector that academics started identifying an "Audit Society". The auditor perceives and recognizes the propositions before them for examination, obtains evidence, evaluates the same and formulates an opinion on the basis of their judgement, which is communicated through their auditing report.
Compliance can mean:
Information and technology (IT) governance is a subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management. The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. It has evolved from The Principles of Scientific Management, Total Quality Management and ISO 9001 Quality management system.
Clinical governance is a systematic approach to maintaining and improving the quality of patient care within the National Health Service (NHS). Clinical governance became important in health care after the Bristol heart scandal in 1995, during which an anaesthetist, Dr Stephen Bolsin, exposed the high mortality rate for paediatric cardiac surgery at the Bristol Royal Infirmary. It was originally elaborated within the United Kingdom National Health Service (NHS), and its most widely cited formal definition describes it as:
A framework through which NHS organisations are accountable for continually improving the quality of their services and safeguarding high standards of care by creating an environment in which excellence in clinical care will flourish.
GRC may refer to:
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations. Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.
The chief risk officer (CRO) or chief risk management officer (CRMO) of a firm or corporation is the executive accountable for enabling the efficient and effective governance of significant risks, and related opportunities, to a business and its various segments. Risks are commonly categorized as strategic, reputational, operational, financial, or compliance-related. CROs are accountable to the Executive Committee and the Board for enabling the business to balance risk and reward. In more complex organizations, they are generally responsible for coordinating the organization's Enterprise Risk Management (ERM) approach. The CRO is responsible for assessing and mitigating significant competitive, regulatory, and technological threats to a firm's capital and earnings. The CRO's roles and responsibilities vary depending on the size of the organization and the industry. The CRO works to ensure that the firm is compliant with government regulations, such as Sarbanes-Oxley, and reviews factors that could negatively affect investments. Typically, the CRO is responsible for the firm's risk management operations, including managing, identifying, evaluating, reporting and overseeing the firm's risks both externally and internally to the organization, and works closely with senior management such as the Chief Executive Officer and Chief Financial Officer.
Microsoft Operations Framework (MOF) 4.0 is a series of guides aimed at helping information technology (IT) professionals establish and implement reliable, cost-effective services.
A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance.
Internal auditing is an independent, objective assurance and consulting activity designed to add value to and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing achieves this by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.
Virsa Systems was a California-based compliance software maker. It now forms the Governance, Risk Management, and Compliance (GRC) vertical of SAP Labs.
Contract management or contract administration is the management of contracts made with customers, vendors, partners, or employees. The personnel involved in contract administration required to negotiate, support and manage effective contracts are often expensive to train and retain. Contract management includes negotiating the terms and conditions in contracts and ensuring compliance with the terms and conditions, as well as documenting and agreeing on any changes or amendments that may arise during its implementation or execution. It can be summarized as the process of systematically and efficiently managing contract creation, execution, and analysis for the purpose of maximizing financial and operational performance and minimizing risk.
Data governance is a term used on both a macro and a micro level. The former is a political concept and forms part of international relations and Internet governance; the latter is a management concept and forms part of corporate governance.
Governance, risk management and compliance (GRC) is the term covering an organization's approach across these three practices: Governance, risk management, and compliance. The first scholarly research on GRC was published in 2007 where GRC was formally defined as "the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity." The research referred to common "keep the company on track" activities conducted in departments such as internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite and the board itself.
Since about 1970, several major business and government excesses in the United States generated subsequent legal, public and political reaction. The Foreign Corrupt Practices Act is perhaps the legislation with the most significant influence on the development of ethics and compliance programs; similar ideas are encoded in the Committee of Sponsoring Organizations framework and the Federal Sentencing Guidelines.
Legal Governance, Risk Management, and Compliance or "LGRC", refers to the complex set of processes, rules, tools and systems used by corporate legal departments to adopt, implement and monitor an integrated approach to business problems. While Governance, Risk Management, and Compliance refers to a generalized set of tools for managing a corporation or company, Legal GRC, or LGRC, refers to a specialized – but similar – set of tools utilized by attorneys, corporate legal departments, general counsel and law firms to govern themselves and their corporations, especially but not exclusively in relation to the law. Other specializations within the realm of governance, risk management and compliance include IT GRC and financial GRC. Within these three realms, there is a great deal of overlap, particularly in large corporations that have legal and IT departments, as well as financial departments.
Information governance, or IG, is the overall strategy for information at an organization. Information governance balances the risk that information presents with the value that information provides. Information governance helps with legal compliance, operational transparency, and reducing expenditures associated with legal discovery. An organization can establish a consistent and logical framework for employees to handle data through their information governance policies and procedures. These policies guide proper behavior regarding how organizations and their employees handle electronically stored information (ESI).
The chief governance officer (CGO) is normally a senior vice executive reporting to the CEO; however, in the not-for-profit sector, when an organization uses Policy Governance, the Chair of the Board often takes on the role of CGO. The CGO is tasked with directing the people, business processes and systems needed to enable good governance from inside the corporation in support of the board of directors. In some geographies the role is assumed by the chief counsel, in others by a corporate or company secretary.
Active Risk (LSE:ARI) formerly known as Strategic Thought Group, is a software company that specialises in enterprise-wide risk management (ERM) and governance, risk and compliance (GRC) software. It is a subsidiary of Sword Group.
ISO 19600:2014, Compliance management systems -- Guidelines, is a compliance standard introduced by the International Organization for Standardisation (ISO) in April 2014. As its title suggests, it operates as an advisory standard and is not used for accreditation or certification.