GRC is a combined approach towards governance, risk, and compliance, aided by information technology