GRC functional and technical roles - Legacy

These roles provide access to Governance, Risk, and Compliance (GRC) and can perform all the activities of the roles they contain.

GRC provides four functional roles that describe general compliance responsibilities in the system. This is a best practice approach to granting auditors, approvers, and users who manage control tests the technical roles they need to perform their jobs. These roles can be modified to suit an organization's needs.

GRC technical roles grant specific capabilities to users in the system and are combined to create the functional roles.
Note: Users with the ITIL role have access to the application and can edit control tests, remediation tasks, and audits.
Figure 1. GRC technical and functional roles