8.6 Combining governance, risk and compliance Flashcards
1
Q
What is a GRC framework?
A
A governance, risk management and compliance management framework
2
Q
What is the rationale for a GRC approach?
A
Governance, risk management and compliance management are inter-related and cannot be separated, so they must be integrated. A silo approach is likely to be inefficient and leave gaps.
3
Q
Which areas of an organisation are typically in scope for a GRC approach?
A
Finance
Information technology
Legal
4
Q
GRC consists of the following elements:
1 relevant p\_\_\_\_\_\_\_\_\_ and p\_\_\_\_\_\_\_\_\_\_\_
2 library of c\_\_\_\_\_\_\_\_\_
3 GRC m\_\_\_\_\_\_\_ used to report on events
4 results of risk a\_\_\_\_\_\_\_\_\_\_\_
5 incident m\_\_\_\_\_\_\_\_\_\_\_, to record any loss events
6 financial p\_\_\_\_\_\_\_\_\_ data
7 internal a\_\_\_\_\_ modules
8 action planning to address control w\_\_\_\_\_\_\_\_\_
A
1 policies and procedures
2 controls
3 metrics
4 assessments
5 management
6 performance
7 audit
8 weaknesses