Successful risk management today may start with governance, risk and compliance (GRC), but it shouldn’t end there. As more and more organizations embrace digital transformation, business risk grows in scope and complexity, and the need to manage it in a more agile, responsive manner becomes increasingly pressing. GRC in its initial incarnation—a set of tools for managing compliance risk—remains valuable for that specific challenge, but it aligns less precisely with today’s evolving definitions of risk and risk management. The answer is not to abandon GRC, though; rather, it’s to allow it to evolve into an approach that is better suited to today’s multifaceted challenges: integrated risk management. This paper maps out the path from a pre-digital, compliance-driven risk-management strategy to an adaptable, integrated approach that can keep pace with the fast-changing digital world.