The value of the iGRC programme is an assurance that the integrity of critical controls and measures will maintain a low probability of occurrence of high impact risk events.

- Organisation maturity – assumes the organisation is already at maturity level one, that is to say GRC embedded into organisation processes, a relatively mature risk register, and controls and measures in place to address critical risk events

- Business issue – the business case should target high impact risk events, low probability of occurrence, “maintaining this status”

- RoI – value of impact already quantified by client risk register – high impact risk events

- Vertical – target CNI vertical with critical high impact risk events