Compliance is defined within the OCEG framework as the state of adherence to an organization's obligations. These obligations include both mandatory requirements (e.g., laws, regulations) and voluntary commitments (e.g., internal policies, ethical codes). Therefore, the process of measuring how well an organization is meeting these defined obligations is the core activity of assessing compliance. This measurement confirms whether the organization is operating within its required boundaries and commitments.

A. Performance: Performance measures the achievement of strategic and operational objectives. While meeting obligations can be an objective, performance is a broader concept focused on effectiveness and efficiency in reaching goals.

B. Risk: Risk is the effect of uncertainty on objectives. It represents the potential for future events to impact the achievement of goals, including the goal of meeting obligations, rather than the current state of adherence.

1. OCEG. (2021). GRC Capability Model ("The Red Book"), Version 3.5.

Section 2.2.3, The Outcome of Principled Performance: "Compliance is the state of adherence to the organization’s mandatory and voluntary obligations." This directly links the concept of compliance to meeting obligations.

Glossary, Page 113: Defines "Compliance" as "Act of adhering to, and the ability to demonstrate adherence to, mandatory requirements and voluntary commitments."

Glossary, Page 116: Defines "Obligation" as "A requirement that an organization must, or chooses to, meet."

2. Racz, N., Weippl, E., & Seufert, A. (2010). A frame of reference for research of integrated Governance, Risk, & Compliance (GRC). Proceedings of the 43rd Hawaii International Conference on System Sciences.

Section 3.2, GRC Definitions: The paper, referencing OCEG, discusses compliance as being concerned with conforming to stated requirements (obligations), distinguishing it from risk management (addressing uncertainty) and governance (steering the organization). (DOI: https://doi.org/10.1109/HICSS.2010.374)