Menu Close Menu

Menu

Account
Premium

GRC Assessment Framework™

Scott is the Founder of OCEG, the global nonprofit that created GRC and Principled Performance.

Academic Director

Download Standard

The GRC Assessment Framework™ ("OCEG™ Burgundy Book") provides audit and assurance professionals and those overseeing GRC capabilities with useful models, methods, and tools for proving assurance of GRC capabilities. It is also the Essential Body of Knowledge for the GRCA™ exam and certification.

More than 20 years ago, the OCEG™ Community created GRC and Principled Performance® and formalized these ideas into a structured model called the GRC Capability Model™ (“OCEG™ Red Book”). Shortly thereafter, the community created the GRC Assessment Tools™ (“OCEG™ Burgundy Book”) to help individuals measure the design and operating effectiveness of each aspect of the GRC Capability.

We have updated the Burgundy Book and formally renamed it as the GRC Assessment Framework™. For this update to Version 3.5.1, the objectives were to:

● Align - Align with the updated GRC Capability Model™ 3.5.

● Simplify - Make them easier to understand, navigate and use.

● Clarify - Untangle and elaborate key concepts and definitions.

This is a substantial revision, and we recommend that it be reviewed by everyone, including those who previously earned the GRCA™ designation.

OCEG™ encourages those intending to use the Burgundy Book for assurance reports to obtain the OCEG™ GRC Auditor™ (GRCA™) certification, which demonstrates an understanding of these procedures and the GRC capabilities to which they are applied. In-house GRC professionals using the Burgundy Book also should obtain the GRC Professional™ (GRCP™) certification.

Also available in Arabic

Featured in: GRC Standards / Models , GRC Capabilities , Standards

Related Resources
Back to top
OCEG © 2002 - 2025 OCEG

Terms of Service

Privacy Policy

Refund Policy

support@oceg.org

Contact Us

Information & Billing
+1 (602) 234-9278

Principled Performance, Driving Principled Performance™, Putting Principles Into Practice™, OCEG™, GRC360°™, ActiveLearning, EventDay and LeanGRC™ are registered trademarks of OCEG™.

Protector Skillset™, Protector Mindset™, Protector Code™, Lines of Accountability™, GRC Professional™, GRCP™, GRC Fundamentals™, GRC Auditor™, GRCA™, GRC Audit Fundamentals™, Data Privacy Fundamentals™, Integrated Data Privacy Professional™, IDPP™, Policy Management Fundamentals™, Integrated Policy Management Professional™, IPMP™, Integrated Audit & Assurance Professional™, IAAP™, Integrated Governance & Oversight Professional, IGOP, Integrated Strategy & Performance Professional, ISPP, Integrated Risk Management Professional™, IRMP™, Integrated Decision Management Professional, IDMP, Integrated Compliance & Ethics Professional™, ICEP™, Integrated Business Continuity Professional, IBCP, Integrated Information Security Professional, IISP are trademarks of OCEG™.

You purchased an automatically renewing subscription. Do you want a reminder?

Your automatically renewing subscription is active. It will automatically renew 12 months from your original purchase. If you do not want it to automatically renew, remember that you must cancel BEFORE renewal. OCEG does offer refunds AFTER charges per our Terms of Service. Would you like a reminder?