The scenario describes the three foundational pillars that together define Governance, Risk, and Compliance (GRC): governance ensures the organization reliably achieves its business objectives through structured decision-making and accountability; risk management identifies and addresses uncertainty that could prevent those objectives from being met; and compliance ensures the organization acts fairly and within the bounds of applicable laws, regulations, and internal policy. Implementing GRC processes (E) directly and comprehensively addresses all three elements named in the question, reliable achievement of objectives, addressing uncertainty, and fairness, as a unified, structured discipline. Developing a risk management framework (C) is the specific component within GRC that most directly manages the 'reliably' dimension by systematically identifying, assessing, and mitigating threats to the achievement of business objectives, making it a necessary complementary focus alongside broader GRC adoption. Regular compliance audits (A) support only the compliance dimension and are a periodic verification activity rather than a comprehensive framework. Resource optimization frameworks (B) address efficiency, not fairness or objective reliability. Ongoing IT management activities (D) are operational in nature and too broad and generic to specifically address the governance, risk, and fairness objectives described. GRC and risk management framework are the two correct focuses.
Reference topic: Securing the Data Protection Environment - Governance, Risk, and Compliance (GRC).
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit