Setting GRC expectations for each level of the organization is critical for your risk and compliance culture. The first line is responsible for business operations and internal controls; the second line includes risk management, privacy, compliance, and security departments; the third line is your internal audit team. We also provide an interactive tool that you can use to document who will be responsible, accountable, supportive, consulted, and informed (RASCI) for all GRC tasks. This report helps risk professionals build and maintain an effective GRC stakeholder plan, outlining the major tasks and expectations for key leaders you will hold accountable for the success or failure of their GRC duties.