IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization.
IT GRC encompasses the practices for delivering:
- Greater business value from IT strategy, investment and alignment,
- Significantly reduced business and financial risk from the use of IT, and
- Conformance with policies of the organization and its external legal and regulatory compliance mandates.
The 2008 Annual Report, assembled from benchmark research conducted with more than 2,600 organizations around the world, reveals the IT GRC maturity profiles, business outcomes, capabilities and practices that are most responsible for influencing and impacting business rewards and risks.