Difference between revisions of "GRC Glossary"

From Hornbill
Revision as of 13:50, 22 April 2020

Introduction

Below is a list of terms and definitions as they apply and are used in the context of the Hornbill GRC app.

A

Attestation: The act of evidencing or proofing something. In Hornbill GRC this may relate to a manual task in a Control lifecycle, where a user is required to provide confirmation and evidence that the controls are in place.
Audit: An internal or external assessment of one or multiple Controls and their. An audit allows each control to be assessed from the perspective of being fit for purpose and being operationally enforced to evidence compliance.
Audit Register: A collection of Controls
Audit Schedule: A calendar view of scheduled audits
Authority Document: An external set of authoritative rules with which we must comply; they are authoritative rules that are not of our own creation. These authoritative rules can come in the form of regulations, principles, standards, guidelines, best practices, policies, and procedures. Each Authority Document contains one or multiple rules in the form of sections and citations.

B

C

Citation: A specific requirement in an Authority Document, a requirement which you are required to be compliant with.
Control: An entity which is used to evidence compliance
Compliance: Means conforming with stated requirements. In GRC this refers to the auditing of controls to evidence compliance against policy statement requirements, which may in turn be linked to one or more citations in external Authority Documents.

D

E

F

G

Governance: Describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making, and provide the control mechanisms to ensure that strategies, directions and instructions from management are carried out systematically and effectively.

H

I

J

K

L

M

N

O

P

Q

R

Risk Management: The set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. The response to a risk typically depends on its perceived gravity, and involves controlling, avoiding, accepting or transferring it to a third party. Organizations routinely manage a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks etc.).

S

T

U

V

W

X

Y

Z