
An expert in GRC?
Then this post isn’t for you! However, many MSME owners are new to the compliance culture, so they need to understand what all the hoo-ha is about. We’ve listed some of the most important compliance jargon and keywords to help you understand what the words mean.

Compliance Comic


The process or state of being in accordance with guidelines or specifications set by various entities such as the government, statutory bodies, official entities, corporations and public authorities.


They are based on moral principles which govern the actions of an individual or a group at large while doing a task or simply living day-to-day life.
They reflect the values you set for yourself as a person.


They are standards of behavior based upon judgement of an individual or a group to decide what is right or wrong. The value system can be moral or immoral. It helps us decide what is important and what isn’t. They form a part of our core beliefs.


A particular act, process or power of governing the way an individual, entity or an organization works. It is an outcome of robust internal controls, consistent management, cohesive policies, guidance, processes and decision-rights for a given area of responsibility, and proper oversight and accountability.


Intentionally lying or cheating in order to gain something to which you are not entitled. It also includes wrongful or criminal deception intended to result in financial or personal gain.



A hotline is a communication channel set up for reporting during emergencies or for communicating with authorities. It is also a process of giving anonymous telephone access to employees who would like to report instances of wrongdoing.

Code of Conduct

A Code of Conduct is a policy of all policies. It is a manual for all employees and stakeholders to refer to on a day-to-day basis in the decision-making process. It clarifies an organization’s mission, values, and principles while linking them to the standards of professional conduct.

GRC management tools

A GRC (governance, risk management and compliance) tool integrates technology, statutes, standards and an organization’s internal controls on a single platform. Such tools are easy to deploy, save cost and improve the efficiency of an organization. Moreover, they have a direct positive impact on ROI and costs. VComply is one such tool.

Chief Privacy Officer

A Chief Privacy Officer (CPO) is a corporate executive charged with forming, understanding and communicating policies which are formalised to protect employee and customer data from unauthorized access.

Chief Compliance Officer

A Chief Compliance Officer (CCO) is an authority who oversees and manages issues related to GRC in an organization. The CCO ensures that stakeholders and employees comply with the policies and procedures laid down by the organization. The focus is also on reducing the cost of compliance.

Chief Risk Officer

The CRO is the officer who gauges, measures and helps mitigate significant threats from various functions.

Cyber Security

Cybersecurity includes preventive techniques formulated by an authority to minimize the impact of cyber threats. Also, it helps protect the integrity of networks, programs and data from attack, damage, or unauthorized access.


A whistleblower is a person who reports the wrongdoing or fraud of a person or organization engaged in an unlawful or immoral activity. Thus, they are people who voluntarily provide information to the public about dishonest or illegal business activities occurring within an organization.


Ransomware is a threatening or malicious attack. It threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid to the attacker. The attack is usually conducted through encryption known only to the hacker who initially deployed the malware.


An audit is when an independent third party examines an entity with an end goal in mind. The goal can be to verify whether the entity has followed the guidelines outlined by a regulatory body. For example, the Companies Act 2013 requires an Annual Statutory Audit.


An incentive given or offered to a person to encourage them to take an action, typically illegally, that benefits the giver.

Risk Assessment

It is a systematic process of evaluating potential risks. The risks may be present in any activity or undertaking. Thus, it is the process of identifying variables that have the potential to negatively impact the ability to conduct business.
