Menu Close Menu

Menu

Account
Premium

GRC Assessment Framework

Download Standard

The GRC Assessment Framework™ ("OCEG Burgundy Book") provides audit and assurance professionals and those overseeing GRC capabilities with useful models, methods, and tools for proving assurance of GRC capabilities. It is also the Essential Body of Knowledge for the GRCA exam and certification.

More than 20 years ago, the OCEG Community created GRC and Principled Performance® and formalized these ideas into a structured model called the GRC Capability Model™ (“OCEG Red Book”). Shortly thereafter, the community created the GRC Assessment Tools™ (“OCEG Burgundy Book”) to help individuals measure the design and operating effectiveness of each aspect of the GRC Capability.

We have updated the Burgundy Book and formally renamed it as the GRC Assessment Framework. For this update to Version 3.5.1, the objectives were to:

● Align - Align with the updated GRC Capability Model 3.5.

● Simplify - Make them easier to understand, navigate and use.

● Clarify - Untangle and elaborate key concepts and definitions.

This is a substantial revision, and we recommend that it be reviewed by everyone, including those who previously earned the GRCA designation.

OCEG encourages those intending to use the Burgundy Book for assurance reports to obtain the OCEG GRC Audit (GRCA) certification, which demonstrates an understanding of these procedures and the GRC capabilities to which they are applied. In-house GRC professionals using the Burgundy Book also should obtain the GRC Professional (GRCP) certification.

Featured in: GRC Standards / Models , GRC Capabilities

Related Resources
Back to top
OCEG © 2002 - 2024 OCEG

Terms of Service

Privacy Policy

Refund Policy

support@oceg.org

Contact Us

Information & Billing
+1 (602) 234-9278

Principled Performance, Driving Principled Performance, Putting Principles Into Practice, OCEG, GRC360°, ActiveLearning, EventDay and LeanGRC are registered trademarks of OCEG.

Protector Skillset, Protector Mindset, Protector Code, Lines of Accountability, GRC Professional, GRCP, GRC Fundamentals, GRC Auditor, GRCA, GRC Audit Fundamentals, Data Privacy Fundamentals, Integrated Data Privacy Professional, IDPP, Policy Management Fundamentals, Integrated Policy Management Professional, IPMP, Integrated Audit & Assurance Professional, IAAP, Integrated Governance & Oversight Professional, IGOP, Integrated Strategy & Performance Professional, ISPP, Integrated Risk Management Professional, IRMP, Integrated Decision Management Professional, IDMP, Integrated Compliance & Ethics Professional, ICEP, Integrated Business Continuity Professional, IBCP, Integrated Information Security Professional, IISP are trademarks of OCEG.