Longtime readers know that I’m not the biggest fan of GRC as it is “practiced” today. I believe G & C are subservient to risk management. So let me offer you this statement to chew on:
“A metric for Governance is only useful inasmuch as it describes an ability to manage risk”
True or False, why, and what are the implications if true or false.