The Easy Way to Assess GRC Capabilities
Article filed in Assurance / Audit, Capability Model
As a GRC professional, or auditor, how do you provide assurance on the GRC capabilities within
your organization? Where do you turn?
Organizations need a natural progression and interaction between governance, risk management and
compliance (GRC). Regulatory fines, the global nature of business, and the complexity of technology
demand it.
Don't reinvent the wheel - OCEG has the resources to help you.
Finding Help To Build GRC Capabilities
In my first job as a Chief Audit Executive (CAE), I needed to establish a new internal audit department
at my organization. I had been auditing for many years, but had never started a new audit department.
I turned to the Institute of Internal Auditors (IIA) for help. At the IIA I found a wonderful resource on
how to start an internal audit department. I learned all the necessary steps and I even found sample
templates. Within a short time I had all the pieces in place. No need to reinvent the wheel.
Years later, in a new organization, I found myself responsible for ethics and compliance. I was familiar
with ethics and compliance, but had never set up a capability in an organization.
I turned to OCEG and found the GRC Capability Model. The Red Book (as it's called) helped me
perform a gap analysis at my organization. I had a road map. I knew all the necessary components
and elements I needed to have in an integrated ethics and compliance capability. Within a short time I
knew what we needed to do. No need to reinvent the wheel!
As many of you know, to be successful you must measure the effectiveness of your processes and
capabilities. But where do you go to find help measuring integrated GRC?
If You Build It You Must Audit It
‘o years ago, a group of leaders who worked with OCEG decided we needed a consistent way to audit
GRC capabilities.
We came together as a community and developed the GRC Assessment Tools. We worked to develop
an approach that any organization can use. We took the time and effort to practice the procedures on
our own organizations. We made sure they worked.
GRC Assessment Tools
The purpose of the GRC Assessment Tools (Burgundy Book) is to provide a guideline for GRC
professionals, as well as those responsible for providing assurance. The Burgundy Book provides a
common set of assessment procedures and a common understanding of what to expect during an
assessment of GRC Capabilities. These procedures align to the OCEG GRC Capability Model and you
can use them for self-assessment as well as independent assessment.
OCEG's goals in creating the Burgundy Book are to:
+ Help organizations evaluate the design and operating effectiveness of their GRC Capability
+ Reduce the cost of such evaluations by eliminating the time and expense of creating procedures
+ Raise the overall level of maturity and quality of organizational GRC globally by helping
individual organizations create their prioritized improvement plans
+ Provide external judgment and recognition of sound practices
Be Informed. As an OCEG Basic Member (it's free to join) you can download the GRC Capability Model
and an excerpt of the GRC Assessment Tools.
Measure Your GRC Capabilities
OCEG recently released the newest version of the OCEG GRC Assessment Tools that aligns with
version 3.0 of the OCEG GRC Capability Model.
You can learn more by downloading an excerpt. Or if you have an OCEG All Access Pass, you can
access the complete GRC Assessment Tools document.
Again, there is no need to reinvent the wheel, since others before you already did the work. All you
have to do is download and use the available resources.
Jason Mefford is a sought after ex... ach, thought leader and p... speaker on risk management, GRC, and internal audit topics