ISO 31000 and GRC: complementary?

The ISO 31000 standard proposes a structured approach for any risk management program, covering the vocabulary, principles, framework and process for the management of risk. GRC (governance, risk and compliance) typically encompasses activities such as corporate governance, risk management and corporate compliance with applicable laws and regulations. What are the differences between the two, and what is the added value of each approach?

Michael Rasmussen | Chief GRC Pundit & Principal Analyst | GRC 20/20 Research | USA | will talk about:

Optimizing ERM Through GRC Principles: Collaboration and Integration of Risk with Governance and Compliance

  • What are the pains and frustrations organizations are experiencing with risk management and GRC?
  • How does ERM relate to GRC, and vice versa?
  • How an integrated and collaborative approach drives performance and integrity
  • What is the role of a strategy, process, information and technology architecture approach to risk and GRC?
Jason Shohet | Vice President of Enterprise Operations and Technology Risk Management | CITIGROUP | USA | will talk about:

Brain versus Brawn: ISO 31000 and GRC

  • History and definition of GRC: How we got to where we are
  • Dangers of orphaned GRC (minus Principles and Framework)
  • GRC in Practice: De-emphasizing the ‘G’, emphasizing the ‘C’?
  • ISO 31000 complementing GRC
Jacquetta Goy | Senior Manager, Risk Advisory Services | BCLC | Canada | will talk about:

GRC: is it the natural next step or a potential diversion for risk management?

  • Drivers for GRC: why organisations might choose the GRC route
  • Better together or standalone: pros and cons of a GRC approach
  • Amalgamation or alignment: how is the orchestra kept in tune?
  • Is it possible to commit to an ISO 31000 approach within a GRC framework?