Our Vision

Principled Performance® Everywhere

OCEG is a nonprofit think tank that is dedicated to achieving a world where every organization and every person strives to achieve objectives, address uncertainty and act with integrity. This approach to business, and to life, is what we call Principled Performance.

Driving Principled Performance®

We were founded in 2002 to promote Principled Performance as the universal goal of any organization, team and individual.

Inventing & Improving GRC

We invented GRC (integration of governance, risk management and compliance) and the GRC Capability Model as the means to achieve Principled Performance.

GRC Resources & Certifications

We provide standards, resources, and certifications to help key professions become more effective across all disciplines.

GRC Professionals are everywhere

We have over 120,000 members on 6 continents in 180+ countries and 3,600+ cities.

“I’d encourage any employer with openings in compliance, risk, audit, and other GRC roles to look for the GRCP or GRCA on the resumes they review.” J. Kelly
“GRCP Certification gave me the ability to understand and communicate areas of GRC where I am not experienced.” L. Harrington
“GRCP helped me when I applied for a new job.” S. Craig
“Having the ability and vision to interlink the governance, risk and compliance roles all together to achieve any organization's objectives, is just brilliant!” B. Al Eche
“If you desire to showcase true Principled Performance that utilizes and integrates GRC principles and processes, this is for you!” S. White
“I already hold several other credentials from renowned institutes, yet I feel that the GRCP has given me an edge over peers.” R. El Khatib

OCEG is a nonprofit think tank that invented Principled Performance and GRC to solve age-old problems

The Problem

At the turn of the century, in the early 2000s, scandals rocked the global economy, evaporating millions of jobs and trillions of dollars of wealth.

At the root of these scandals were siloed, misguided, and ineffective systems intended to address governance, risk, compliance and ethics.

For example, strategic systems were separate from performance management systems, which were separate from risk management systems, which were separate from compliance management systems, and so on.

Unfortunately, this "siloed approach" was all too common and the seeds of future problems continued to grow in this deficient current state.

The Solution

OCEG wanted to create a future state that was more effective, more efficient and able to address modern challenges.

So, with a panel of over 100 experts, we invented and innovated the ideas behind Principled Performance and GRC to break down silos between governance, strategy, performance management, risk management, compliance management, internal audit and other departments.

We published open source standards so that everyone could have access.

What this means is that people from diverse backgrounds and professions can get on the same page and be more principled performers:

  • Governance and strategy
  • Risk management
  • Audit and internal audit
  • Compliance and legal
  • Ethics and culture
  • IT

We created a streamlined education and certification program to give professionals an opportunity to kickstart a career -- or to add to their existing career.

Our Members

Our members include professionals from small and midsize businesses, large international corporations, nonprofits, and government agencies. Our members represent the full spectrum of professionals with GRC responsibilities and job titles such as:

Job Responsibilities

Risk Management
Information Security
Culture & Ethics
Internal Audit

Job Titles

Board Member
Compliance Manager
Risk Manager
Audit Executive
Internal Auditor
IT Auditor
Corporate Counsel


Our philosophy and values stem from experience as Fortune 50 executives, auditors, lawyers, IT professionals, research analysts and startup entrepreneurs. We use this diverse experience to shape what we do and how we do it. We use the “Well, I should hope so / hope not” test for all of our values (we hope all of these pass the test).


Allow anyone to join and participate, for FREE. Make most of our resources openly available, for free. Allow other organizations to build on our resources, for free.


The community is strongest when it comprises many professions (auditors, compliance managers, lawyers, risk officers, business operators), industries, sizes, geographies and cultures.

Leader and Listener

At times, we must lead the community in our mutual journey. At other times, we must listen and be led by the community.


Our passion for Principled Performance, GRC and all of our themes is evident in the way that we take firm positions in the community.


Documenting current best practices ensures that companies can reach parity. Inventing and experimenting with new practices pushes us forward.


Perfect can be the enemy of the good. We employ “Lean Startup” approaches to all of our work so that real world feedback is captured early and often.

Our History

2002 – OCEG Founded

OCEG was founded in the wake of the “dot com bust” and notable corporate failures such as Enron, WorldCom, and HealthSouth. Our initial mission was to improve corporate compliance and ethics, and so we were named the Open Compliance and Ethics Group. Very rapidly, our members found conversations expanding beyond compliance and ethics — moving into performance management, risk management, governance, and assurance. So now, we simply go by OCEG.

2003 – Inaugural Advisory Board

Our inaugural Advisory Board was composed of senior leaders from the corporate and academic communities. It was responsible for guiding and shaping OCEG’s initial mission, vision, and statement of principles. GRC was invented as a shorthand reference to the critical capabilities that must work together to achieve Principled Performance — the capabilities that integrate the governance, management and assurance of performance, risk, and compliance activities.

  • B. Charles Ames: Co-Chair, OCEG Advisory Board; Vice-Chair, Clayton, Dubilier & Rice; director of Riverwood and Progressive Insurance
  • Ron Berenbeim: Director of Ethics Research, The Conference Board
  • Alfred Berkeley: Former Vice-Chair, NASDAQ
  • Rick Braddock: Chairman, Priceline; Former President, Citibank; Board Member, Kodak; Board Member, Cadbury-Schweppes
  • Beth Brooke: Vice-Chair, Ernst & Young
  • John J. Castellani: President, The Business Roundtable
  • Dan DiFilippo: US Managing Partner, Governance, Risk & Compliance, PricewaterhouseCoopers
  • Lee Dittmar: Principal, Deloitte
  • Charles Elson: Executive Director, Center for Corporate Governance, University of Delaware
  • Bob Felton: Managing Partner for Corporate Governance Practice, McKinsey & Co.
  • Jean FitzSimon: Principal, Bridge Associates; co-chair for the Practising Law Institute’s Corporate Compliance Institute; co-chair of the American Bar Association’s Corporate Compliance Committee
  • Stephen J. Friedman: President, Pace Law School; former Partner, Debevoise & Plimpton; President of the Practising Law Institute; former Commissioner of SEC
  • Peter Gleason: COO, National Association of Corporate Directors
  • Jack Hampton: Former Executive Director, The U.S. Risk and Insurance Management Society
  • Joseph Hardiman: Former CEO, NASD and NASDAQ; former President of Alex Brown
  • Dave Heller: VP Risk Management and Chief Compliance Officer, Qwest
  • Ray J. Groves: Co-Chair, OCEG Advisory Board; Former CEO, Ernst & Young; Director of EDS, MMC, and Gillette
  • Scott L. Mitchell: Chairman and CEO, OCEG; Chairman and CEO, DoubleDrum Capital
  • Jack Kemp: Co-founder and chairman, Corporate Diagnostics; chairman, FreedomWorks; founder and chairman, Kemp Partners; former US Congressman, Cabinet Secretary and Vice Presidential Candidate (1935 – 2009)
  • Richard Koppes: Of Counsel, Jones Day; co-chair of Stanford Law School Executive Education; Director of the Investor Responsibility Research Center (IRRC); former general counsel and deputy officer of CalPERS
  • Peter Kreindler: General Counsel, Honeywell International, Inc.
  • Patricia Leonard: COO, American Management Association
  • Andrall E. Pearson: Founding Chairman, Tricon; director, Citigroup; YUM Brands, the Metropolitan Museum of Art, and the NYU Medical Center; professor emeritus, Harvard (1925 – 2006)
  • Joseph J. Plumeri: Executive Chairman and CEO, Willis Group Holdings LTD
  • Ned Regan: President, Baruch College; former Comptroller State of New York
  • Gerald Rosenfeld: CEO, Rothschild; Director of Case, Continental Grain
  • Doug Shulman: President, NASD Regulatory & Compliance Services
  • Richard Steinberg: Author, COSO Internal Control & COSO ERM; Partner, Steinberg Governance Advisors; former Managing Partner for Corporate Governance Practice, PricewaterhouseCoopers
  • Ken Thrasher: Chairman and CEO, Compli; Former CEO, Fred Meyer Stores, Division of Kroger
  • Gabe Shawn Varges: Senior Executive Legal Officer, Zurich Financial Services; co-chair for the Practising Law Institute’s Corporate Compliance Institute; chair Corporate Counsel Association’s European Corporate Governance Committee
  • Christopher E. Watson: Chairman and CEO, Gulf Insurance
  • Leo C. O’Neill: Former President, Standard & Poor’s (1940-2004)
  • Jack Jennings: Executive Vice President, Willis; Executive Advisory Council of St. John’s University School of Risk Management

2004 – GRC Defined, Red Book Released

After months of analysis, collaboration, and vetting, the first GRC standard emerges. Originally called the Capability Model, the cover was a deep red. It quickly became known as the OCEG Red Book. It detailed practices for GRC: “the integration of the governance, assurance and management of performance, risk, compliance and ethics” (from GRC Glossary).

2005 – GRC Evolves, Red Book, and Audit

After defining GRC and developing high-level concepts, the OCEG community begins work on version 2 of the GRC Capability Model and the standard gains wide adoption with over 100,000 downloads in a single year. The desire to audit governance, risk management and compliance leads the OCEG community to develop the GRC Assessment Model (known as the “Burgundy Book”).

2006 – GRC Generally Recognized, Principled Performance Defined

OCEG and GRC as a concept were fully recognized. Analysts at Forrester, Gartner, and IDC began using GRC as a way to organize software that addressed governance, assurance and management of performance, risk, compliance, and ethics. OCEG and its executives were recognized by Business Finance Magazine, Treasury and Risk Magazine and others.

“Principled Performance” is defined to describe the goal of GRC, and OCEG founder Scott Mitchell writes the first academic journal article on the topic (published in the International Journal of Governance and Disclosure in 2007).

2007 – Growth, Development and Education

The acclaimed GRC Illustrated Series begins and OCEG begins more broadly distributing thought leadership about GRC and Principled Performance.

The OCEG GRC “Desk Set”, comprised of the GRC Capability Model (Red Book), GRC Assessment Model (Burgundy Book) and GRC Solutions Model, is created.

2010 – GRC Certifications and Definitions

Certification begins via GRC Certify to help formalize the education and credentialing of GRC knowledge and skills.

GRC Glossary is finalized and version 3.0 of the OCEG Standards is authorized by the OCEG Leadership Council.

2015 – GRC Professionals Everywhere

The GRC movement reaches over 50,000 members. We reach thousands of professionals on 6 continents and 2,500 cities.

2018 – 85,000 Members Strong - History in the Making

Join the movement and help us make this a banner year!

Putting Principles into Practice is what we do

Behind the big ideas of Principled Performance and GRC, we have hundreds of resources, standards, and certifications to upgrade your skills.