Governance, Risk, and Compliance. GRC systems aid the organization with:
Governance: ensuring that good practices are in place and that people are held accountable. Administrative controls, training, repeatable processes, and measurement are all prerequisites of sound governance. A poorly governed organization carries more risk and has difficulty scaling.
Risk management: reducing the likelihood of losses, injuries, and legal liability. As an organization grows, the various risks should be catalogued and measured. Once they are understood, they can be reduced, mitigated, or financed through insurance or self-insurance programs. Security audits and business continuity planning are examples of risk management.
Compliance: building programs of compliance with laws, regulations, industry standards, and best practices. Compliance includes more than just following these practices. It is also critical that the organization can prove compliance later. This is done by documenting routines and processes, and maintaining a credible audit trail.