The GRC Assessment Tools (Burgundy Book) provides audit and assurance professionals, as well as those overseeing GRC capabilities, with a common set of assessment procedures to be used in reviewing GRC capabilities.
These agreed-upon procedures were developed and vetted by a team of professionals from leading audit firms together with in-house risk, compliance and audit professionals. The procedures map directly to elements of the GRC Capability Model.
The Burgundy Book is designed to be scalable. The tools can be applied to a review of individual risk-specific programs (e.g., anti-fraud program, privacy program), discrete business units, sub-capabilities (e.g., hotline, risk management, values management, training) and the entire enterprise.
It is also designed so that the same procedures may be used for self-assessment by GRC personnel, for assurance reporting to the executive suite and the board by internal audit, and for external assurance to the board and other stakeholders by third-party auditors.
OCEG encourages those intending to use the Burgundy Book for assurance reports to obtain the OCEG GRC Auditor (GRCA) certification, which demonstrates understanding of these procedures and the GRC capabilities to which they are applied. In-house GRC professionals using the Burgundy Book should consider obtaining the GRC Professional (GRCP) certification.