Managing Information Technology (IT) risk within a large organization with disparate groups and business units is a difficult task and presents many challenges. Ineffective risk management can expose the business to vulnerabilities, which result in fines, business loss, and possibly damage to the organization's brand recognition. By deploying an enterprise-wide Information Technology Governance, Risk and Compliance (IT-GRC) tool, organizations have the ability to identify, mitigate, accept, and manage risk to a reasonable level. As mandated by the Sarbanes-Oxley Act of 2002, publicly traded corporations must implement internal security controls to sufficiently protect financial data. An IT-GRC tool provides a central repository where individuals, at different levels within the organization, can disposition, address, and accept risk. By doing so, the organization can document and properly assess its risk posture from an IT system perspective.
Rusnac, Claudiu, "Information Technology - Governance, Risk Management and Compliance (IT-GRC)" (2011). Engineering and Technology Management Student Projects. 696.