GRC standards recognize that the governance, management and assurance of performance, risk and compliance require common capabilities and methods.
By using these standards, your organization will:
By using these standards, you, as a professional, will:
GRC Standards define the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity.
The OCEG community "invented" GRC in 2003 and has spent over a decade perfecting the approach. With the help of a panel of 100+ experts, OCEG studied 250+ organizations to document best practices in the GRC Capability Model (commonly called the OCEG Red Book).
The GRC Capability Model was originally published in 2005 and has gone through several revisions. Each revision is led by Co-Chairs of a Steering Committee comprised of leading professionals from governance, risk management, audit, compliance, ethics/culture and IT.
Together, these professionals work to improve the standard practices that comprise an integrated GRC Capability.
The GRC Capability Model is the core standard that provides:
The GRC Assessment Tools provide everything you need to assess or audit GRC Capabilities, including:
The GRC Technology Model details the technology ecosystem, including: