Technology plays a vital role in governance, risk, and compliance (GRC) initiatives. An effective enterprise GRC strategy will employ technology to drive sustainability, consistency, efficiency, and transparency into GRC oversight. The practice of GRC has evolved from siloed applications, documents, and spreadsheets to more of an enterprise content management approach. Consequently, strong workflow, communication, and analysis capabilities have become essential components of the enterprise program. IT has traditionally provided the technology capabilities to the business for enterprise GRC activities. However, IT also has an obligation to manage its own GRC activities and initiatives, where not only does it provide technology to manage GRC activities, but it also develops processes and establishes governance structures of its own. Organizations embarking upon the GRC journey should be able to clearly distinguish one goal from the other.