1. Executive summary
Risk Management practitioners have two major methodologies for applying best risk management practices: ERM and GRC. However, there is a big debate between
risk management people regarding the importance, role, benefit and coverage of each method. Moreover, software solutions have contributed greatly in GRC approach diffusion. Also, organisations are exhaustively encouraged to adopt GRC by vendors to achieve
their objectives and improve their performance without a sufficiently impartial view. Consequently, there is no answer to whether organisations need both for the best results.Also, it is ambiguous whether one of these methods could cover an organisation’s
Building a comparison between ERM and GRC will help organisations to identify the two methods. It will provide an objective description and impartial stand point for both methods that will reveal some suspicions about GRC, and allow organisationsto
make better decisions for adoption, developing or retaining their approach to managing risks to achieve their objectives and improve their performance.
1.1. The study benefit
issue will help a large number of risk management practitioners and organisations to distinguish between both approaches, and be able to identify the benefit of each approach to provide mature decisions about their risk management methodology.
the research will provide impartial information to help in evaluating GRC market offers.
1.2. aims and objectives
The aim of the study
Identify and analysethe GRC approach and its added value in comparison with the ERM approach.
1.2.2. The objectives of the study
- Identify the ERM and GRC approaches.
- Identify the relationship between the ERM and GRC approaches.
- State the holistic nature, effectiveness and efficiency of the GRC approach and whether it could replace the ERM approach or
The research built a comparison between ERM and GRC to underline the relationship between both methods by pointing out the differences
and similarities between both in their definitions, objectives, and tools and techniques.
To achieve that, the research conducted a qualitative descriptive and explanatory research method. Secondary data were collected for the theoretical research part,
and primary data (explanatory analysis; survey) were applied and distributed to a focus group of risk management practitioners (appendix 2).