GRC Certification – The Top 10 List

I’ve been getting a lot of questions lately about the GRC Professional Certification and the companion GRC Audit Certification. So, I thought I’d tackle them all at once.

Here we go:

1. What is a GRC Professional?

An individual that spends substantial time helping an organization achieve principled performance by leading, planning, performing, enabling, integrating or auditing governance, performance management, risk management, internal control, compliance or ethics activities.

2. What is the GRC Professional Certification?

GRC Professional (GRCP) certification is the only credential that ensures understanding of the OCEG GRC Capability Model (Red Book). OCEG’s Red Book is the only true GRC capability model — and it is independent of a specific profession or vendor solution.


Putting the “L” for Legal into GRC

I was an environmental lawyer in private practice back in the day, and during the 20 years I had that job I served dozens of in-house legal departments that made important contributions to governance, risk management and compliance (GRC) in their companies. As I worked environmental due diligence for acquisitions, or advised on the regulatory impact of changes in manufacturing operations, or conducted assessments of compliance programs, I saw firsthand the significant role that Legal has in GRC, both as an adviser and as a conduit of information that is critical to the strategic leaders of the organization.


Compliance Investigations: Do You Want to Improve the Business or Not?

My colleagues at Littler and I have seen organizations that believe compliance investigations are a “one off” activity. They mistakenly believe that as soon as they make a policy change or terminate the problem, employees will stop complaining, the investigations will come to an end and the business can return to “normal.” Organizations and managers with this mindset are wrong for three reasons.


How does your GRC Technology Strategy Measure Up?

I often say that organizations have been engaged in governance, risk management and compliance in one way or another, since the beginning of society. Over the past 10 – 15 years, with the onset of the concept of GRC as integrated capabilities that drive Principled Performance, the structures and processes to drive these activities have matured. And, at the same time, the availability of technologies to support these efforts has grown at an exponential rate.


A Modern Proposal: Let’s Change the Way We Talk About Controls

If you have any familiarity at all with internal control concepts, you probably have an understanding of the traditional designations of preventive, detective and corrective controls that relate to discouraging, finding, or correcting errors and irregularities. In the modern business world, I submit that this approach to internal control is simply not enough, and both the names for these groups of controls and the definitions of them must evolve.


Building a Better GRC Resume

The career path for executives, managers and team members in GRC is expanding faster than ever before. Just a few years ago it looked like a meandering unpaved trail, and today it more resembles a multi-lane super highway. The skills and knowledge you need to perform as a contributing member of a modern GRC team have matured.
