Governance, Risk Management & Compliance

GRC or Governance, Risk Management, and Compliance is the umbrella term covering an organization's approach across these three management disciplines. Being closely related concerns, governance, risk and compliance related activities are increasingly being integrated and aligned into processes in order to avoid conflicts, wasteful overlaps and gaps.

While interpreted differently in various organizations, GRC typically encompasses activities such as corporate governance, enterprise risk management (ERM), corporate compliance with laws and regulations, as well as risk management and compliance efforts related to the use of Information Technology (IT).


Many organizations are interested in adopting one single GRC platform to manage risk and compliance efforts related to both the IT and enterprise domains. There is however still a substantial gap today in most organizations between IT and enterprise GRC operations.

Q-Project has over 15 years of experience with IT GRC and E GRC projects through collaboration with different assessment software providers and subject matter experts within companies of all types and sizes.


We recommend Infogov solutions for IT GRC and Thomson Reuters Accelus solutions for E GRC.


We can help you


1 - To assess your current performance in dealing with


Planning the program and the actual work

Setting up the appropriate assessment models

Automation of the actual assessment work and reporting

Automation of documentation management and action plan follow-up


2 - To choose the pragmatic way forward in function of your actual level of maturity


3 - With provision of the appropriate support to implement the desired course of action