It could be said that GRC represents a natural progression, taking the risk management concept and adding the management of governance and compliance to create a new more sophisticated model, which represents a more integrated view and results in a more effective and efficient approach. The GRC movement as a cross-functional discipline represents the first major step towards a more comprehensive cross-functional convergence in the broader area of corporate defence, if you think of corporate defence as an organisations program for self protection, with the responsibility for defending the interests of all of its stakeholders. It is only by defending the interests of all of its stakeholders (including its people) that an organisation can hope to establish a foundation of trust and develop the required top-down and bottom-up culture within the organisation. In my opinion governance, risk management and compliance represent important corporate defence components and GRC represents the first real step in the evolution towards a cross-functional convergence in the area of corporate defence. Eventually however I believe that a broader cross-functional discipline will emerge, which will involve the integration of GRC with corporate intelligence, security and resilience. This broader discipline will also need to incorporate corporate controls and assurance into its framework in order to achieve a truly integrated and holistic solution to corporate defence. This approach should address the confused lines of authority referred to earlier by addressing the responsibility and accountability for operational line management which is where ERM currently seems to fall short. This holistic approach can be achieved by not only building on existing work already in place but also by taking advantage of the advances in technology solutions now available. It is only then that real benefits of integration, rationalization and leveraging will be truly harnessed.