Over the past few years, organizations have focused a lot of time, energy, and resources on designing, implementing, and improving their governance, risk management, compliance, ethics, and internal control systems—increasingly called “GRC systems.” As a result, many executives are starting to ask, “Is all of this work really working? Are we actually and factually delivering outcomes that really matter?”
