IIA-Australia White Paper - GORC – New and improved GRC with added O

GORC – New and improved GRC with added O

This is a members only resource. Please login to access. 


Nigel Dalton-Brown FGIA, GAICD, AMIIA, MBA



Topics Explored

Compliance, GRC


White Paper


The term GRC creates a risk-centric bias by focusing on risk management, risk control and risk governance.
The term GRC can create confusion and bias, increasing the possibility of decision-making errors. The term GRC should be updated to describe the totality more accurately. By including Obligations in the GRC acronym (by changing it to GORC where the O stands for Obligational awareness), risk centric bias is eliminated by recognising the equal and parallel importance of obligations.

Key Points

  1. Internal Audit needs to be aware of all the organisation’s obligations and needs documentary evidence that all obligations are being met.
  2. Obligations must be monitored using a bottom-up feedback loop

Relevant Industries


Level of Assumed Knowledge