Governance, risk and compliance

Group Chair: Robert Toogood Secretary: Lucy Smithwith-Eldred.

Join the group to receive information about future meetings.

For all other enquiries please contact

GRC is a term used to describe an integrated approach to activities related to governance, risk management and compliance. Increased corporate failures and enhanced regulatory requirements have heightened corporate awareness about the value and importance of making sure these key activities are effectively designed, integrated and managed.

Whilst the GRC approach has been in existence for over a decade, a recent survey from the Open Compliance and Ethics Group (OCEG) suggests that only 13% of respondents were able to claim they had harmonised or successfully achieved this level of integration. However, 93% of respondents that had successfully integrated these areas reported meeting or exceeding their original expectations.

Group aims and objectives

The purpose of the group is to explore what GRC really is, and how it can be used across all functional areas of an enterprise.

Based on feedback received from the member feedback questionnaire, specific areas of interest for the SIG will include:

  • Explore what GRC really is and agree a common (or assumed) definition, with focus on understanding purpose, scope and boundaries of each individual element and then how these come together to provide integrated GRC
  • Share experiences, both good and bad, of our attempts so far to implement GRC
  • Identify possible international best practice GRC guidelines
  • Prove/demonstrate benefits of/from GRC implementations
  • Develop GRC training and communication programmes
  • Facilitate GRC benchmarking between organisations
  • Investigate use of financial and other GRC related metrics

Discussion forum

Take part in the latest discussions on the group's discussion forum.

OR join the IRM's GRC LinkedIn group. 

Previous meetings 

Visit MyIRM for more information and to download presentations from previous meetings.

To join an IRM group, you need to log in or register.