GRC Certification Exams

All of our certifications use the same model, so the exam structure and approach are similar for each one. The only thing that differs is the essential body of knowledge associated with each certification.

Exams cover awareness and application of concepts found in the essential body of knowledge (EBK) associated with each certification.

All exams are available as part of the All Access Pass, and there are no other costs:

  • No additional exam fees - the exam is included in your paid membership
  • No re-take fees - up to 6 re-takes if you don't pass the first time
  • No travel costs - the exam is online
  • No additional preparation fees - preparation materials are included

Below, you will find an example of an exam structure and approach for the GRC Professional (GRCP) exam.

Key information about the GRCP Exam

  • There are 100 questions to answer
  • You have up to 2 hours
  • You need to correctly answer 70 to pass

What topics are covered?

15% General Knowledge / Introduction

  • Understand key terms and definitions related to GRC
  • Understand key principles and business drivers behind GRC, like Principled Performance
  • Understand the benefits of integrating GRC
  • Understand how GRC relates to other disciplines/professions
  • Understand the background information found in the introduction of the Red Book

85% GRC Capability Model Details

  • Understand key management actions and controls
  • Understand design and implementation considerations
  • Learn – 20%, Align – 30%, Perform – 30%, Review – 5%

How difficult is the GRCP exam?

Most people who pass the exam report that they carefully studied the GRC Capability Model and completed the GRC Fundamentals course.

Those who fail tend to pass on a subsequent attempt so long as they study and complete the GRC Fundamentals videos.

In other words ... STUDY and WATCH the videos if you want to pass the exam.

How long does it take to prepare?

Preparation time varies based on your experience.

People who pass the exam report anywhere from 2 hours to 40 hours of preparation before the exam. This wide range seems to be explained by the differences in background.

If you are more experienced in governance, risk, audit, compliance, ethics or IT, then less time may be required to prepare vs. someone new to GRC.

How long does the exam itself take?

You have 2 hours to complete the exam. Most people use the entire 2 hours.

Is the exam open book?

YES! The GRCP Exam is open book, which means that you may use Google and other resources while taking the exam. However, don't be fooled! The exam is challenging even with the help of these resources.

The process and exam should reflect modern reality. You use Google and online resources every day in your job. You should be able to use these resources to learn. You should even be able to use these resources when you take the exam.

What score do I need to pass the exam?

You must correctly answer 70 of the 100 questions to pass the exam.

When do I find out if I passed the exam?

You get your result immediately after taking the exam. If you pass, then your certificate is immediately available for printing.

What happens if I fail the first time? Second time?

You may retake the exam up to 6 times per year until you pass. If you need more than 6 retakes, then you need to wait until the following year.

We believe that Certification should be part of the learning process and help reinforce understanding and not just be a point-in-time proof of memorized knowledge.

Our database of questions is extensive, so it is unlikely that you will see the same questions each time you attempt the exam. In other words, BE FULLY PREPARED each time that you attempt the exam.

Do I need to “re-certify” every year?

NO! You only need to pass the exam once.

We use continuing education requirements to ensure that you stay current with new developments in GRC. You can review the other requirements to maintain your GRCP certification.

How was the GRCP exam developed?

The GRCP topics and questions were determined by conducting an extensive job analysis of over 500 GRC Professionals in June 2010.

Participants in the job analysis were asked to analyze over 200 skills and determine their significance to a GRC professional, executive or auditor.

The job analysis and other research yielded a competency model that serves as a blueprint for the GRCP.

We update the GRC Capability Model and the GRC Professional Exam to reflect important changes in the marketplace.