White Paper - GORC – New And Improved GRC With Added O

Whitepaper

This is a members only resource.

This page contains member-exclusive resources designed to support your professional practice. Please log in via the top right-hand corner to access the full content.

Author

Nigel Dalton-Brown

FGIA, GAICD, AMIIA, MBA

Date

2025

Topics Explored

Compliance

Format

White Paper

Extract/Description

The term GRC creates a risk-centric bias by focusing on risk management, risk control and risk governance.
The term GRC can create confusion and bias, increasing the possibility of decision-making errors. The term GRC should be updated to describe the totality more accurately. By including Obligations in the GRC acronym (by changing it to GORC where the O stands for Obligational awareness), risk centric bias is eliminated by recognising the equal and parallel importance of obligations.

Key Points

  • Internal Audit needs to be aware of all the organisation’s obligations and needs documentary evidence that all obligations are being met.
  • Obligations must be monitored using a bottom-up feedback loop.

Relevant Industries

All

Level of Assumed Knowledge

Intermediate

Aligned to Global Internal Audit Standards

Not Applicable