GRC Capability Model™ 3.5 (OCEG Red Book) PREMIUM EDITION
Scott Mitchell
Scott is the Founder of OCEG, global nonprofit that created GRC and Principled Performance.
This special premium edition of the GRC Capability Model is (Red Book) includes a Tools & Techniques Appendix with 90 different resources to enhance your ability to understand and implement the concepts taught throughout the framework.
What is the GRC Capability Model?
The GRC Capability Model (also known as the OCEG Red Book) teaches GRC professionals how to achieve Principled Performance - the reliable achievement of objectives while addressing uncertainty and acting with integrity.
GRC is the integrated collection of capabilities that enable an organization to achieve Principled Performance.
The GRC Capability Model is the first (and only) open-source standard that integrates the various sub-disciplines of governance, strategy, risk, audit, compliance, ethics/culture, and IT into a unified approach.
You may use and evolve this standard to address a range of situations, from small projects to organization-wide rollouts, as well as various subject areas, from anti-corruption to business continuity to third-party management.
The GRC Capability Model is an excellent tool to frame conversations about GRC capabilities with the board, senior executives, and managers.
You may also consider using this GRC Capability Model with more specific frameworks from organizations such as ISO, COSO, ISACA, IIA, and NIST. With these narrower frameworks, you can jump-start a program appropriate for your organization.
What’s New in 3.5?
This year, OCEG celebrates the 20th anniversary of its dedication to Principled Performance. As we commemorate 20 years of commitment to equipping professionals with interdisciplinary skill sets, it only feels right to release the newest version of our original framework: The GRC Capability Model 3.5.
The 3.5 model marks a significant milestone in advancing the field of GRC. With its simplified, clarified, and augmented content, this model empowers GRC professionals to navigate the complexities of today's business landscape and effectively address the trillion-dollar problem caused by unprincipled conduct.
With the help of a panel of 300+ experts, OCEG studied 500+ organizations to document best practices in this GRC Capability Model (commonly called the OCEG Red Book). The Red Book:
- Unifies vocabulary across disciplines
- Defines common components and elements
- Defines common information requirements
- Standardizes practices for things like policies and training
- Identifies communication for everyone involved
It’s not enough to aggressively move toward established objectives. For success, we must consider the boundaries of laws, social mores, and uncertainties regarding potential risks and rewards.
Nor can the management of risk, compliance, and ethical conduct be separated from the objective-seeking activity. Everything must be brought into alignment and operated through fully integrated governance, risk management, and compliance capabilities.
What's Consistent?
The Red Book remains true to the above goals and true to the core framework OCEG has taught for over 20 years:
- LEARN about the organization's context, culture, and key stakeholders to inform objectives, strategy, and actions.
- ALIGN strategy with objectives, and actions with strategy, using effective decision-making that addresses values, opportunities, threats, and requirements.
- PERFORM actions that promote and reward desirable things, prevent and remediate undesirable things, and detect when something happens as soon as possible.
- REVIEW the design and operating effectiveness of the strategy and actions, as well as the ongoing appropriateness of objectives to improve the organization.
Companion Materials
Additional companion infographics in the OCEG GRC Capabilities Illustrated series.
- LEARN Component Illustration
- ALIGN Component Illustration
- PERFORM Component Illustration
- REVIEW Component Illustration
Featured in: Capability Model , Integrated GRC , Standards