About OCEG – We Invented GRC

OCEG is a global, nonprofit think tank that invented GRC, an acronym that denotes the integration of governance, risk and compliance, but connotes so much more.

We inform, empower, and help advance more than 50,000 members with standards, resources and certifications.

Independent of specific professions, we provide standards, resources, and certifications to fill the gaps in areas where professionals may lack experience or training so that they become more effective across all GRC disciplines.

Our core ideas and best practices are available in our free, open source standard, the GRC Capability Model (commonly called the Red Book).

We promote Principled Performance as the universal goal of any organization. Principled Performance is the reliable achievement of objectives while addressing uncertainty and acting with integrity.

Our members include C-suite, executive, management, and other professionals from small and midsize businesses, international corporations, nonprofits, and government agencies. Our members represent the full spectrum of professionals with GRC responsibilities, including executives and managers in:

  • Risk
  • Compliance
  • Internal Audit
  • IT Audit
  • Information Technology (IT)
  • Human Resources (HR)
  • Finance
  • Strategy


Our philosophy and values stem from experience as Fortune 50 executives, auditors, lawyers, IT professionals, research analysts and startup entrepreneurs. We use this diverse experience to shape what we do and how we do it. We use the “Well, I should hope so / hope not” test for all of our values (we hope all of these pass the test).

  1. Open. Allow anyone to join and participate, for FREE. Make most of our resources openly available, for free. Allow other organizations to build on our resources, for free.
  2. Diverse. The community is strongest when it comprises many professions (auditors, compliance managers, lawyers, risk officers, business operators), industries, sizes, geographies and cultures.
  3. Leader and Listener. At times, we must lead the community in our mutual journey. At other times, we must listen and be led by the community.
  4. Passionate. Our passion for Principled Performance, GRC and all of our themes is evident in the way that we take firm positions in the community.
  5. Inventive. Documenting current best practices ensures that companies can reach parity. Inventing and experimenting with new practices pushes us forward.
  6. Lean. Perfect can be the enemy of the Good. We employ “Lean Startup” approaches to all of our work so that real world feedback is captured early and often.


Meet Our Team


Scott L. Mitchell

Founder and Chair

Carole Stern Switzer

Co-Founder and President

Stephane G. Legay

Chief Technology Officer

Jeanna Johnston

Director of Finance

Melissa Lentz

Director of Education 

Carole Waesche

Knowledge Manager at OCEG

Our History

Learn a bit about how this all started.

2002 – OCEG Founded

October 1, 2002: OCEG was founded in the wake of the “dot com bust” and notable corporate failures such as Enron, WorldCom, and HealthSouth. Our initial mission was to improve corporate compliance and ethics, and so we were named the Open Compliance and Ethics Group. Very rapidly, our members found conversations expanding beyond compliance and ethics, moving into performance management, risk management, governance, and assurance. So now, we simply go by OCEG.

2003 – Inaugural Advisory Board

June 4, 2003: The Advisory Board was composed of senior leaders from the corporate and academic communities. It was responsible for guiding and shaping OCEG’s initial mission, vision, and statement of principles. Members include:

  • B. Charles Ames: Co-Chair, OCEG Advisory Board; Vice-Chair, Clayton, Dubilier & Rice; director of Riverwood and Progressive Insurance
  • Ron Berenbeim: Director of Ethics Research, The Conference Board
  • Alfred Berkeley: Former Vice-Chair, NASDAQ
  • Rick Braddock: Chairman, Priceline; Former President Citibank; Board Member, Kodak; Board Member, Cadbury-Schweppes
  • Beth Brooke: Vice-Chair, Ernst & Young
  • John J. Castellani: President, The Business Roundtable
  • Dan DiFilippo: US Managing Partner, Governance, Risk & Compliance, PricewaterhouseCoopers
  • Lee Dittmar: Principal, Deloitte
  • Charles Elson: Executive Director, Center for Corporate Governance, University of Delaware
  • Bob Felton: Managing Partner for Corporate Governance Practice, McKinsey & Co.
  • Jean FitzSimon: Principal, Bridge Associates; co-chair for the Practising Law Institute’s Corporate Compliance Institute; co-chair of the American Bar Association’s Corporate Compliance Committee
  • Stephen J. Friedman: President, Pace Law School; former Partner, Debevoise & Plimpton; President of the Practising Law Institute; former Commissioner of SEC
  • Peter Gleason: COO, National Association of Corporate Directors
  • Jack Hampton: Former Executive Director, The U.S. Risk and Insurance Management Society
  • Joseph Hardiman: Former CEO, NASD and NASDAQ; former President of Alex Brown
  • Dave Heller: VP Risk Management and Chief Compliance Officer, Qwest
  • Ray J. Groves: Co-Chair, OCEG Advisory Board; Former CEO, Ernst & Young; Director of EDS, MMC, and Gillette
  • Scott L. Mitchell: Chairman and CEO, OCEG; Chairman and CEO, DoubleDrum Capital
  • Jack Kemp: Co-founder and chairman, Corporate Diagnostics; chairman, FreedomWorks; founder and chairman, Kemp Partners; former US Congressman, Cabinet Secretary and Vice Presidential Candidate (1935 – 2009)
  • Richard Koppes: Of Counsel, Jones Day; co-chair of Stanford Law School Executive Education; Director of the Investor Responsibility Research Center (IRRC); former general counsel and deputy officer of CalPERS
  • Peter Kreindler: General Counsel, Honeywell International, Inc.
  • Patricia Leonard: COO, American Management Association
  • Andrall E. Pearson: Founding Chairman, Tricon; director, Citigroup; YUM Brands, the Metropolitan Museum of Art, and the NYU Medical Center; professor emeritus, Harvard (1925 – 2006)
  • Joseph J. Plumeri: Executive Chairman and CEO, Willis Group Holdings LTD
  • Ned Regan: President, Baruch College; former Comptroller State of New York
  • Gerald Rosenfeld: CEO, Rothschild; Director of Case, Continental Grain
  • Doug Shulman: President, NASD Regulatory & Compliance Services
  • Richard Steinberg: Author, COSO Internal Control & COSO ERM; Partner, Steinberg Governance Advisors; former Managing Partner for Corporate Governance Practice, PricewaterhouseCoopers
  • Ken Thrasher: Chairman and CEO, Compli; Former CEO, Fred Meyer Stores, Division of Kroger
  • Gabe Shawn Varges: Senior Executive Legal Officer, Zurich Financial Services; co-chair for the Practising Law Institute’s Corporate Compliance Institute; chair Corporate Counsel Association’s European Corporate Governance Committee
  • Christopher E. Watson: Chairman and CEO, Gulf Insurance
  • Leo C. O’Neill: Former President, Standard & Poor’s (1940-2004)
  • Jack Jennings: Executive Vice President, Willis; Executive Advisory Council of St. John’s University School of Risk Management

2004 – “Red Book” Released, GRC Defined

April 15, 2004: After months of analysis, collaboration, and vetting, the first OCEG standard emerges. Originally called the OCEG Capability Model, the cover was a deep red. It quickly became known as the OCEG Red Book. This standard provided both high-level and detailed practices that helped organizations address compliance and ethics issues. However, even before it was issued, the OCEG community knew that there was something more important on the horizon. This “more important” matter was GRC or “the integration of the governance, assurance and management of performance, risk, compliance and ethics” (from GRC Glossary).

2005 – GRC Evolves, Red Book, and Audit

May 15, 2005: After defining GRC and developing high-level concepts, the OCEG community begins work on version 2 of the OCEG Capability Model. Renamed the GRC Capability Model to reflect the broader view, the standard gains wide adoption with over 100,000 downloads in a single year. The desire to audit governance, risk management and compliance leads the OCEG community to develop the GRC Assessment Model (known as the “Burgundy Book”).

2006 – Recognition, Principled Performance

Membership reaches 2,500. OCEG and GRC as a concept were fully recognized. Analysts at Forrester, Gartner, and IDC began using GRC as a way to organize software that addressed governance, assurance and management of performance, risk, compliance, and ethics. OCEG and its executives were recognized by Business Finance Magazine, Treasury and Risk Magazine and others. “Principled Performance” is initially defined by the OCEG Leadership Council to describe the goal of GRC. Stated differently, GRC is the means; Principled Performance is the desired end-state.

2009 – Desk Set Updated, Certifications Begin

Membership reaches 15,000. The OCEG GRC “Desk Set” is updated with GRC Capability Model (Red Book) 2.0, GRC Assessment Model (Burgundy Book) 2.0, and GRC Solutions Model 2.0. Several Fortune 500 companies begin planning to be certified using OCEG standards.