Governance, Risk Management and Compliance Definitions


Governance, risk management and compliance is a complex and challenging business even for the most seasoned of experts, which makes it even more arduous for those just starting out. Understandably, it is common for startups and organizations that are just beginning their compliance program to turn to an existing staff member to tackle the job, rather than hire a compliance specialist.

With that in mind, we wanted to share some common terms and definitions that are key to understand if this is your first foray into compliance:

  • Compliance – adherence to a set of rules established by a regulatory body
  • Risk – the chance that a negative outcome, financial loss, or error can damage the organization
  • Control – a step in the process that monitors and mitigates risk
  • Audit – an examination performed by an independent third party that verifies adherence to the guidelines outlined by a regulatory body
  • Attestation – like an audit, except the organization and the third-party examiner share responsibility for an inaccurate examination
  • Framework – an approach with risks, controls, and processes to put in place a compliance model
  • Regulatory body – the organization that defines the rules and methods to verify the rules
  • Standard – the specific law, rules, or requirements that make up the scope during an examination
  • Scope – the boundaries to examine, which are usually dictated by a regulatory body
  • Objective – a discrete requirement within a compliance framework
  • Consolidated Objectives – requirements that are common across several frameworks

For more information and understanding on compliance, check out our eBook, Insider’s Guide to Compliance: How To Get Compliant and Stay Agile.