The Easy Way to Assess GRC Capabilities

Article filed in Assurance / Audit, Capability Model

As a GRC professional or auditor, how do you provide assurance on the GRC capabilities within your organization? Where do you turn?

Organizations need a natural progression and interaction between governance, risk management and compliance (GRC). Regulatory fines, the global nature of business, and the complexity of technology demand it. Don't reinvent the wheel - OCEG has the resources to help you.

Finding Help To Build GRC Capabilities

In my first job as a Chief Audit Executive (CAE), I needed to establish a new internal audit department at my organization. I had been auditing for many years, but had never started a new audit department. I turned to the Institute of Internal Auditors (IIA) for help. At the IIA I found a wonderful resource on how to start an internal audit department. I learned all the necessary steps and I even found sample templates. Within a short time I had all the pieces in place. No need to reinvent the wheel.

Years later, in a new organization, I found myself responsible for ethics and compliance. I was familiar with ethics and compliance, but had never set up a capability in an organization. I turned to OCEG and found the GRC Capability Model. The Red Book (as it's called) helped me perform a gap analysis at my organization. I had a road map. I knew all the necessary components and elements I needed to have in an integrated ethics and compliance capability. Within a short time I knew what we needed to do. No need to reinvent the wheel.

As many of you know, to be successful you must measure the effectiveness of your processes and capabilities. But where do you go to find help measuring integrated GRC?
If You Build It You Must Audit It

Two years ago, a group of leaders who worked with OCEG decided we needed a consistent way to audit GRC capabilities. We came together as a community and developed the GRC Assessment Tools. We worked to develop an approach that any organization can use. We took the time and effort to practice the procedures on our own organizations. We made sure they worked.

GRC Assessment Tools

The purpose of the GRC Assessment Tools (Burgundy Book) is to provide a guideline for GRC professionals, as well as those responsible for providing assurance. The Burgundy Book provides a common set of assessment procedures and a common understanding of what to expect during an assessment of GRC Capabilities. These procedures align to the OCEG GRC Capability Model and you can use them for self-assessment as well as independent assessment.

OCEG's goals in creating the Burgundy Book are to:

- Help organizations evaluate the design and operating effectiveness of their GRC Capability
- Reduce the cost of such evaluations by eliminating the time and expense of creating procedures
- Raise the overall level of maturity and quality of organizational GRC globally by helping individual organizations create their prioritized improvement plans
- Provide external judgment and recognition of sound practices

Be Informed. As an OCEG Basic Member (it's free to join) you can download the GRC Capability Model and an excerpt of the GRC Assessment Tools.

Measure Your GRC Capabilities

OCEG recently released the newest version of the OCEG GRC Assessment Tools that aligns with version 3.0 of the OCEG GRC Capability Model. You can learn more by downloading an excerpt. Or, if you have an OCEG All Access Pass, you can access the complete GRC Assessment Tools document.

Again, there is no need to reinvent the wheel, since others before you already did the work.
All you have to do is download and use the available resources.

Jason Mefford is a sought after ex[...]ach, thought leader and speaker on risk management, GRC, and internal audit topics.
