Effective IT governance, risk and compliance (GRC) is essential for financial services organizations to meet increasingly stringent regulatory and audit requirements and reduce business operational risk. By instituting the appropriate IT GRC controls, organizations can demonstrate regulatory compliance in areas of specific concern to auditors. At the same time, these controls can take organizations beyond the immediate need to pass an audit and into the realm of reduced operational risk exposure through process improvements.