PUBLIC EXPOSURE DRAFT
In 2005, OCEG released the OCEG Framework Foundation Version 1.0 ("Red Book") -- the only publicly vetted model for integrated governance, risk management, compliance and ethics management (GRC). The Red Book was beta tested in several leading companies (Dell, Wachovia, DuPont, Archer Daniels Midland, Qwest, Staples and Gevity HR) and reviewed during the initial comment period by more than 5,000 individuals.
Leading publications including The Wall Street Journal, Business Finance magazine, InsideCounsel magazine, Treasury & Risk Magazine, Compliance Week, and academic journals have recognized the Red Book. It is widely lauded for articulating the value of integrated GRC and demonstrating that it is possible to achieve this value. After three years of use by organizations of various sizes and types, and receipt of feedback on that use, it is time to update the Red Book to reflect the evolution of GRC that the OCEG community has driven.
Red Book Version 2.0
Over the past six months, OCEG has worked with a committee of esteemed experts, including many in-house GRC professionals, external advisors and auditors, and academics, to develop Version 2.0 of the Red Book, which contains the GRC Capability Model™ - the central piece of the OCEG Framework. It provides a comprehensive guide for anyone implementing and managing a GRC system or some aspect of that system (e.g., compliance, training, hotline, investigations). As a downloadable document, the Red Book includes a narrative overview and presents the Components of the Model in detail. Following completion of the public exposure period, the Model also will be contained in a searchable database on the OCEG site. OCEG enterprise members will be able to create custom reports drawing from the Model and additional OCEG resources including OCEG's content domains, GRC system assessment guide, and voluminous Requirements Database of laws, regulations, rules, cases, standards and other global guidance mapped to the Model.