Governance, risk, and compliance (GRC) issues are increasingly pervading the IT space, with these concepts transcending silos such as central and distributed IT units, information security, and service management. As campus investment in information technology and campus reliance on information systems have grown, so has the need for reliable structures and measures to ensure success and minimize failure. GRC programs intend to do just that: they develop a framework for the leadership, organization, and operation of the institution's IT areas to ensure that those areas support and enable the institution's strategic objectives. As EDUCAUSE President and CEO Diana Oblinger notes, GRC programs are about "getting your ducks in a row." GRC programs align institutional activities with the larger institutional goals (i.e., governance) and allow the identification of challenges and opportunities (i.e., risk). When internal requirements and external mandates are lined up (i.e., compliance), institutional activities have the best chance for success--especially in stormy weather or where danger lurks. This issue of "EDUCAUSE Review" is devoted to better understanding the role of GRC programs in higher education IT organizations.