Governance, Risk and Compliance (GRC) | Resources

Governance, Risk and Compliance (GRC)

Governance, Risk and Compliance (GRC) is a vital practice to support every organisation. In many cases there are legal and regulatory requirements and even if this is not the case, the principles are underpinned to most functions throughout a company of any size. However, over time and as a business grows, the ability to accurately track and monitor the mass of data required becomes more difficult. Using this data to benefit your organisation requires precise strategies. It must be fuelled by the correct resources in different departments, and it must then be communicated to the correct stakeholders for future planning and change management considerations.


85% of organisations surveyed stated that they would benefit from automated tools and technology for their GRC activities.

*Based on research conducted by Deloitte

Introduction to GRC tools

For an organisation beginning the procurement journey or wishing to replace their current provider, it is important to understand what a GRC tool may offer.

  • Risk Analysis
    Focussing generally on risks and incidents to track mitigation and remediation or acceptance.
  • Policy Management
    Document management that incorporates the policy life cycle, mapping policies to business objectives and considering risks and controls.
  • Compliance Database
    Managing the functions that support compliance tasks. Monitoring the creation, workflow and representation of control objectives relating to any form of compliance you require (PCI DSS, ISO 27001, SOX etc).
  • Audit Functions
    Support internal audit teams and provide time and task management reporting services.
  • Analytics and Reporting
    Supporting data analytics with the ability to visualise or export results pertaining to any given metric required.
Governance, Risk and Compliance

A GRC tool must harness your organisation’s information through a holistic approach. Answering the ‘demand’ (provided by your organisation when establishing what you require) by creating, monitoring, reviewing/analysing and communicating the appropriate information to the relevant stakeholders in a timely manner.

Read other chapters in the series:

Part 2: Important factors and considerations >>

Part 3: Popular Governance, Risk and Compliance tools >>

Should you require assistance in procuring, migrating or using a service please contact Xcina Consulting. We provide our clients with pragmatic advice and guidance to ensure they achieve a robust and defensible position. For more information contact us at

We’d love to hear from you

To discuss how the areas highlighted in this post, or any other aspect of risk management, information governance or compliance impact your business, speak with our team, tell us what matters to you and find out how we can help you navigate complex issues to help you deliver long term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at We’d love to hear from you.

Peter Lane

Information Security Consultant

Speak to me directly by Email, or
Telephone: +44 (020) 3745 7820

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>