Governance, risk management, and compliance (GRC) have become buzzwords since the passage of legislation like the Sarbanes-Oxley Act. But what exactly do they mean? And how should companies promote their effective use? A white paper from The Compliance Consortium, a year-old international group working to create GRC best practices, answers these questions. In the paper the group defines seven operational concerns, from establishing policies, procedures, and controls to implementing continuing process improvement. It also provides a dozen questions for board members and senior managers to consider. @ Governance, Risk Management, and Compliance: An Operational Approach is at SM Online.