GRC Audit Certification – GRCA

The GRC Audit (GRCA) certification ensures that you understand and are able to audit GRC activities. You must have a GRC Professional (GRCP) certification before you can apply for a GRCA certification.

GRCP - GRC Professional Certification

What Is The GRC Audit Certification?

The GRCA certifies an individual has the core understanding, skills, and competence to assess, evaluate, and audit the performance of GRC activities and controls.

The GRCA builds on top of the GRCP Certification.


How do I get a GRCA Certification

The GRCA does not require an additional examination. It is awarded based on review of the items below.


Hold a GRCP You must hold a current and active GRCP certification.


Complete an approved GRCA training class

  • GRCA Seminar: Attend an in-person or online seminar through an approved OCEG instructor to learn how to audit using internal and external audit standards
    • See the list of In-Person Events and Online Training (you must attend a GRCA seminar if you are relying on audit experience alone, without having a current certification/license as above)
  • Online: Watch the GRC Audit Video Series, if you have a qualifying audit certification or license (current and active CIA, CPA, CA, CISA or equivalent). If you do not have a qualifying audit certification or license, you can still qualify by completing a separate Online Training.
    • To determine if your audit certification or license qualifies as an "equivalent", please e-mail

Submit the GRCA Application This application includes proof of license or certification; proof of professional experience and evidence of GRCA training.

For Every GRC Auditor

“A GRC Auditor is someone who is proficient in using internal and external audit standards to audit GRC activities. This includes understanding, assessing, and evaluating key components, practices and activities, to build and execute a risk-based audit plan for governance, performance management, risk management, internal control, compliance, or ethics activities.”



What does the GRCA cover?
  • Using internal and external audit standards to audit GRC activities
  • Key components, practices and activities to audit
  • How to build and execute an audit plan for GRC
How do I verify if someone has a GRCA certification?

An individual who holds a valid GRCA is able to produce and present a digital certificate at any time. To verify authenticity and current status of an OCEG GRCA, contact


If you have a question not answered here, please send us your questions and we will get back to you shortly!

Submit Your Question