
Governance, Risk and Compliance (GRC)

Governance, Risk and Compliance (GRC) is a vital practice that supports every organisation. In many cases there are legal and regulatory requirements, and even where there are none, the principles underpin most functions throughout a company of any size. However, over time and as a business grows, accurately tracking and monitoring the mass of data required becomes more difficult. Using this data to benefit your organisation requires precise strategies: it must be fed by the correct resources in different departments, and it must then be communicated to the correct stakeholders for future planning and change management considerations.


… of organisations surveyed stated that they would benefit from automated tools and technology for their GRC activities.

*Based on research conducted by Deloitte

Introduction to GRC tools

For an organisation beginning the procurement journey or wishing to replace their current provider, it is important to understand what a GRC tool may offer.

Risk Analysis 

Focussing on risks and incidents, tracking each through mitigation and remediation, or formal acceptance.

Policy Management

Document management that incorporates the policy life cycle, mapping policies to business objectives and considering risks and controls.

Compliance Database

Managing the functions that support compliance tasks: monitoring the creation, workflow and representation of control objectives relating to any form of compliance you require (PCI DSS, ISO 27001, SOX etc.).

Audit functions

Support internal audit teams and provide time and task management reporting services.

Analytics and Reporting

Supporting data analytics with the ability to visualise or export results pertaining to any given metric required.

A GRC tool must harness your organisation’s information through a holistic approach, answering the ‘demand’ (defined by your organisation when establishing what you require) by creating, monitoring, reviewing/analysing and communicating the appropriate information to the relevant stakeholders in a timely manner.

Read other chapters in the series:

Part 2: Important factors and considerations >>

Part 3: Popular Governance, Risk and Compliance tools >>


Should you require assistance in procuring, migrating or using a service please contact Xcina Consulting. We provide our clients with pragmatic advice and guidance to ensure they achieve a robust and defensible position. For more information contact us at


If you have any comments or questions on any aspect of this content, please contact:



Peter Lane

Information Security Consultant


