You already have access!
GRCA is part of your All Access Pass or Paid membership.
Become a versatile assurance professional who can audit governance, strategy, performance, risk, compliance, ethics, security, privacy, internal control, and other activities. The GRC Audit (GRCA) certification builds on the GRCP and demonstrates that you have the understanding and skills to audit the GRC capability model.
Get certified by the global nonprofit that invented GRC 20 years ago
The GRC Auditor (GRCA) certification validates that you understand and can apply audit and assurance skills to evaluate established or planned GRC capabilities in your organization. It ensures that you have the versatile skill set to evaluate and report on the strengths and weaknesses in governance, strategy, performance management, risk management, compliance, ethics, internal control, security, privacy, and audit activities.
It is only available to those who hold a GRCP certification, which provides the necessary foundational GRC knowledge.
The GRCA is based on the essential body of knowledge used daily by GRC Professionals who provide assurance. With the help of hundreds of experts, this body of knowledge was identified, analyzed, and documented in the GRC Capability Model. The GRCA also relies on procedures documented in the GRC Assessment Tools guide and general audit and assurance concepts found in the public domain.
We recommend using these resources to prepare for the GRCA Exam
While the exam does not require course attendance, most people who pass on the first attempt report that a course helped them pass.
GRCA is perfect for anyone who works in - governance, strategy, performance, risk, compliance, ethics, internal control, security, continuity, audit, assurance, or IT. GRCA helps to elevate your ability to self-assess your own performance or judge the performance of other units.
Our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds. We do not require specific experience or educational degrees to apply.
GRCA is a versatile certification aimed to serve the versatile needs of professionals in all stages of their careers. Professionals can use the GRCA in several scenarios:
Becoming a GRCP and adding the GRCA is the perfect way to start your career. Adding knowledge of audit and assurance further expands your skill set to understand how to evaluate the inner workings within and between other departments, including how to develop a greater understanding of how they operate and determine where they need improvement to be successful.
Becoming a GRCA is the perfect way to enhance existing certifications or upgrade your skills. You may already have an audit-related certification from one of the many professional associations. Most of these associations focus on a particular discipline (e.g., internal audit, external audit, fraud, quality). GRCA addresses all of these aspects and helps to make you more well-rounded.
All of our certifications use a similar streamlined process. We pride ourselves on simplicity and accessibility. All of our exams are online and available at any time. No need to schedule! We include everything you need as part of your All Access Pass. To be clear, everything is included for no additional fees.
Our All Access Pass provides everything you need to prepare for the GRCA and all of our other certification exams. One fee for education, preparation, certification, and maintenance.
Everything is included for no additional fees.
Study the essential body of knowledge contained in the GRC Capability Model (“Red Book”) and the GRC Assessment Tools ("Burgundy Book). Attend GRC Audit Fundamentals to learn how to apply it.
We offer GRC Audit Fundamentals via self-study or by attending an in-person course delivered by one of our authorized partners (a great choice if you want localized language and additional examples).
Our self-study programs are delivered in English and subtitled in English, Spanish, Arabic, and Bahasa. Need another language? Let us know.
Essential body of knowledge and self-study are included for no additional fees.
Our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds.
We do not require specific experience or educational degrees to apply.
Just complete a simple form at the beginning of the exam to update your information and agree to the code of conduct.
Application is included for no additional fees.
Access the online exam anywhere and anytime.
The exam is limited to one hour (60 minutes) to answer 45 questions. Correctly answer 32 questions to pass. Exams are "open book," which means that you may use Google and other resources while taking an exam.
You can retake an exam up to six times per year to pass it.
The GRCA Exam is offered at the end of the GRC Audit Fundamentals course, but you may directly access it at any time without watching the GRC Audit Fundamentals videos.
All retakes are included for no additional fees.
Fulfill all requirements to maintain your GRCA, including an active membership and completing the required continuing professional education every year.
GRCA requires eight (8) continuing professional education (CPE) credits every year. Many continuing education experiences count toward both GRCP and GRCA.
All CPEs are included for no additional fees.
Apply to gain additional certifications. We add new certifications regularly.
All certifications are included for no additional fees.
Preparation time varies based on your experience. People who pass the exam report anywhere from 2 hours to 10 hours of preparation before the exam.
This wide range is explained by the differences in background. If you are more experienced in governance, strategy, risk, compliance, ethics, security, or audit, then less time may be required to prepare vs. someone new to GRC and auditing concepts.
The essential body of knowledge for the GRCA is contained in the open-source GRC Capability Model (“Red Book”) and the GRC Assessment Tools and audit concepts in the public domain. We recommend that you:
We offer GRC Audit Fundamentals via self-study or by attending an in-person course delivered by one of our authorized partners. Training partners are a great choice if you want the training delivered in your native language and want additional context and examples for applying the concepts. Our self-study programs are delivered in English and subtitled in English, Spanish, Arabic, and Bahasa.
All of our self-study preparation courses are included for no additional fees. This means that GRC Audit Fundamentals is part of your All Access Pass.
Our global training partners charge separate fees for in-person experiences delivered in the localized language. These experiences also provide additional context and examples so that you understand how to implement solutions.
All of our exams are online and available at any time. No need to schedule!
Applying is simple! If you are already an OCEG member, we have most of the information necessary. Just complete a simple form at the beginning of the exam to update your information and agree to the code of conduct.
As a reminder, our certifications are open and accessible to all professionals. We accept candidates from diverse cultural, educational, and professional backgrounds. We do not require specific experience or educational degrees to apply.
Most people who pass the exam report that they carefully studied the GRC Capability Model, studied GRC Assessment tools, and completed the GRC Audit Fundamentals course.
Those who fail tend to pass on a subsequent attempt if they study and complete GRC Audit Fundamentals or attend a training course with an OCEG training partner.
In other words ... STUDY and WATCH the videos or attend a class if you want to pass the exam.
The GRCA certification exam covers both awareness (definitions, terms, and lists) and applying concepts and knowledge of the GRC Capability Model and GRC Assessment Tools. The exam breaks out as follows:
An extensive job analysis of GRC Professionals who also held various audit certifications (CPA, CA, CIA, CISA) determined GRCA topics and questions. Participants in the job analysis analyzed hundreds of skills and determined their significance to a GRC auditor.
The job analysis and other research yielded a blueprint that serves as a competency model for the GRCA. We update the GRC Audit Exam periodically to reflect important and relevant changes.
An extensive job analysis of GRC Professionals who also held various audit certifications (CPA, CA, CIA, CISA) determined GRCA topics and questions. Participants in the job analysis analyzed hundreds of skills and determined their significance to a GRC auditor.
The job analysis and other research yielded a blueprint that serves as a competency model for the GRCA. We update the GRC Audit Exam periodically to reflect important and relevant changes.
There are 45 scored questions and up to 15 unscored questions on the exam. We calculate your final score on the 45 scored questions. Scored questions have gone through a rigorous validation process.
The unscored questions are used to introduce and validate new questions without affecting your score. However, the unscored items are not labeled – so make sure you answer each question as if it counts!
All questions are multiple-choice.
You have one (1) hour to complete the exam. You must correctly answer 32 of the 45 scored questions.
Yes! The exam is open-book, meaning you may use Google and other resources while taking the exam.
We believe that the exam process should reflect modern reality and user experiences. In your job, you use Google and online resources daily. You should be able to use these resources when you learn and when you take the exam.
However, don't be fooled! The exam is challenging even with the help of these resources.
You get your result immediately after taking the exam. If you pass, your certificate is immediately available for sharing and printing from your Certification Dashboard.
You may retake the exam up to six (6) times per year. Almost everyone is able to accomplish this goal. We believe that certification should be part of the learning process and help reinforce understanding and not just be a point-in-time proof of memorized knowledge.
Consider being fully prepared each time that you attempt the exam. Our database of questions is extensive, so it is unlikely that you will see the same questions each time that you attempt the exam.
NO! You only need to pass the exam once every five (5) years. We use continuing education requirements to ensure that you stay current with new developments.
All continuing education for OCEG certifications is automatically tracked and administered under a unified program on our website. Whenever you watch a video or attend an event on our website, it is automatically tracked and counted toward your GRCA (or other OCEG certifications as appropriate).
You can see all of your current CPE credits on your Certification Dashboard.
The unified program allows you to track one CPE credit to multiple certifications. So, for example, a course on “Risk Assessments” would count toward not only GRCA but also several other certifications that rely on Risk Assessment skills.
Maintaining ALL of your certifications is simple and straightforward. We use a unified CPE program for all of our certifications and automatically track progress on your Certification Dashboard.
For GRCA, there are two main requirements:
You don’t have to!
All continuing education for OCEG certifications is automatically tracked and administered under a unified program on our website.
Whenever you watch a video or attend an event, such as a webinar on our website, it is automatically tracked and counted toward your GRCA (or other OCEG certifications as appropriate).
You may also manually submit CPEs from other pre-approved continuing education experiences.
You can check your CPE progress at any time on your CPE Dashboard.
Yes! Many of our continuing education experiences count toward multiple OCEG certifications. The unified program also allows you to track one CPE credit to multiple certifications. This means that a single webinar or course can count toward one or more of your certifications.
One experience. Multiple credits.
So, for example, a course on “Risk Assessments” would count toward not only GRCA but also several other certifications that rely on Risk Assessment skills.
Because GRCA is one of our core certifications, almost every CPE experience on our website counts toward your GRCA.