Conclusion

Published: April 25, 2008   |   Updated: October 10, 2008

The Governance, Risk, and Compliance SMF provides guidance for integrating GRC activities in the context of processes and activities throughout the IT service lifecycle. This integration makes use of risk management and internal controls present in every SMF to provide consistent ways to make decisions and manage IT activities.

The major processes described in the GRC SMF are:

• Establishing IT governance.
• Assessing, monitoring, and controlling risk.
• Complying with directives.

Feedback

Please direct questions and comments about this guide to mof@microsoft.com.