GRC, by definition, involves bringing together governance, risk and compliance disciplines from across an increasingly complex, extended enterprise with deep interlocks to customer and supplier eco-systems. While it's not realistic to expect organizations to converge on a common set of GRC processes across this complex landscape, there is huge value in taking a federated approach to GRC that leverages the common risk elements from each business unit, IT and security teams, and management of third parties.