GRC Professional Online Exam Information

The GRC Professional (GRCP) certification demonstrates that you can apply GRC. The exam covers awareness and application of concepts found in the GRC Capability Model.

The exam is available as part of the All Access Pass and there are no other costs:

  • No additional exam fees - the exam is included in your paid membership
  • No re-take fees - unlimited re-takes if you don't pass
  • No travel costs - the exam is online
  • No additional preparation fees - preparation materials are included

Use the information below to understand more about the exam itself. Check out these sample questions to get a sense of what the exam is like. And, as always, just ask if you have questions.


Questions to


Hours to Take


Required Score
to Pass

What topics are covered?

15% General Knowledge / Introduction

  • Understand key terms and definitions related to GRC
  • Understand key principles and business drivers behind GRC like Principled Performance
  • Understand the benefits of integrating GRC
  • Understand how GRC relates to other disciplines / professions
  • Understand background information found in the introduction of the Red Book

85% GRC Capability Model Details

  • Understand key management actions and controls
  • Understand design and implementation considerations
  • Learn – 20%, Align – 30%, Perform – 30%, Review – 5%

How difficult is the GRCP exam?

Most people who pass the exam report that they carefully studied the GRC Capability Model and completed the GRC Fundamentals course.

Those who fail tend to pass on a subsequent attempt so long as they study and complete the GRC Fundamentals videos.

In other words ... STUDY and WATCH the videos if you want to pass the exam.

How long does it take to prepare?

Preparation time varies based on your experience.

People who pass the exam report anywhere from 2 hours to 40 hours of preparation before the the exam. This wide range seems to be explained by the differences in background.

If you are more experienced in governance, risk, audit, compliance, ethics or IT, then less time may be required to prepare vs. someone who is new to GRC.

How long does the exam itself take?

You have 2 hours to complete the exam. Most people use the entire 2 hours.

Is the exam open book?

YES! The GRCP Exam is open book which means that you may use Google and other resources while taking the exam. However, don't be fooled! The exam is challenging even with the help of these resources.

The process and exam should reflect modern reality. You use Google and online resources every day in your job. You should be able to use these resources to learn. You should even be able to use these resources when you take the exam.

What score do I need to pass the exam?

You must correctly answer 70% of the 100 questions to pass the exam.

When do I find out if I passed the exam?

You get your result immediately after taking the exam. If you pass, then your certificate is immediately available for printing.

You may also order a physical certificate that is signed by OCEG Chairman and framed.

What happens if I fail the first time? Second time?

You may retake the exam as many times as required to eventually pass the exam.

We believe that Certification should be part of the learning process and help reinforce understanding and not just be a point in time proof of memorized knowledge.

Our database of questions is extensive and so it is unlikely that you will see the same questions each time that you attempt the exam. In other words, BE FULLY PREPARED each time that you attempt the exam.

You may retake the exam as many times as required to pass the exam. This is all about LEARNING, not TESTING

Do I need to "re-certify" every year?

NO! You only need to pass the exam once.

We use continuing education requirements to ensure that you stay current with new developments in GRC. You can review the other requirements to maintain your GRCP certification.

How was the GRCP exam developed?

The GRCP topics and questions were determined by conducting an extensive job analysis of over 500 GRC Professionals in June 2010.

Participants in the job analysis were asked to analyze over 200 skills and determine their significance to a GRC professional, executive or auditor.

The job analysis and other research yielded a competency model that serves as a blueprint for the GRCP.

We update the GRC Capability model and GRC Professional Exam to reflect important changes in the marketplace.