Risk management is the practice of mitigating and managing risk through system controls and is therefore closely aligned as an integral function of IT governance and IT compliance. GRC (Governance, Risk, and Compliance) is an integrated strategy to effectively and appropriately manage policies, processes, and controls. The collective management of these three functions – rather than as independent objectives – can eliminate duplication and facilitate secure dissemination of information and communications.
