“Enterprise Risk Management (ERM) and Governance, Risk, and Compliance (GRC) are pretty similar in definition and are often cited interchangeably. I’ve often asked what the difference was, so I’m sure you may have asked the same question.
After some quick web searching, I found this interesting article on the difference between ERM and GRC.
In its simplest form, the difference is simply in their names. ERM includes identifying risk appetite, assessing risk, integrating risk management into daily decisions, and monitoring risks. GRC is an umbrella philosophy that includes risk management, governance, and compliance. GRC may include ERM as the methodology of managing risk, but it may not. If an ERM program is linked to governance and risk, then it might transition into a true GRC program.
There is certainly more to ERM and GRC programs, but that is the nuts and bolts difference between the two.
Are you interested in implementing ERM or GRC programs successfully? If you’ve already implemented these programs at your organization – what pitfalls have you faced? What success stories do you have?”