Governance, Risk and Compliance Platform Considerations

​Integration of multiple governance, risk and compliance (GRC) disciplines on a single platform is increasing, yet barriers to successful integration of the technology across numerous groups remain. Many organizations continue to use multiple GRC technologies to fulfill different departmental needs, and different platforms are used for IT GRC and enterprise GRC (eGRC). Within the eGRC space, integration is most often encountered among internal audit, financial controls and enterprise risk assurance. Compliance-oriented functions have been less inclined to integrate on a single platform – this is due in part to the specific subject-matter expertise required of the different compliance functions, thus making the broader risk and control sets documented by other groups less relevant to compliance teams. Yet, The Institute of Internal Auditors’ (IIA) position paper, The Three Lines of Defense In Effective Risk Management and Control (January 2013), provides good insight into why it makes sense to bring these functions together, at least on an aggregated level, even if subsets of information are contained in other source systems: It will enable the three lines (operational/ business line managers, risk and compliance functions, and internal audit) to coordinate activities, map assurance functions and perform independent validation.