The GRC Capability Model 3.5 (Red Book) helps GRC professionals plan, assess, and improve their GRC capabilities to achieve Principled Performance.
What is the GRC Capability Model?
The GRC Capability Model (also known as the OCEG Red Book) teaches GRC professionals how to achieve Principled Performance - the reliable achievement of objectives while addressing uncertainty and acting with integrity.
GRC is the integrated collection of capabilities that enable an organization to achieve Principled Performance.
The GRC Capability Model is the first (and only) open-source standard that integrates the various sub-disciplines of governance, strategy, risk, audit, compliance, ethics/culture, and IT into a unified approach.
You may use and evolve this standard to address a range of situations, from small projects to organization-wide rollouts, as well as various subject areas, from anti-corruption to business continuity to third-party management.
The GRC Capability Model is an excellent tool to frame conversations about GRC capabilities with the board, senior executives, and managers.
You may also consider using this GRC Capability Model with more specific frameworks from organizations such as ISO, COSO, ISACA, IIA, and NIST. With these narrower frameworks, you can jump-start a program appropriate for your organization.
What’s New in 3.5?
This year, OCEG celebrates the 20th anniversary of its dedication to Principled Performance. As we commemorate 20 years of commitment to equipping professionals with interdisciplinary skill sets, it only feels right to release the newest version of our original framework: The GRC Capability Model 3.5.
The 3.5 model marks a significant milestone in advancing the field of GRC. With its simplified, clarified, and augmented content, this model empowers GRC professionals to navigate the complexities of today's business landscape and effectively address the trillion-dollar problem caused by unprincipled conduct.
With the help of a panel of 300+ experts, OCEG studied 500+ organizations to document best practices in this GRC Capability Model (commonly called the OCEG Red Book). The Red Book:
- Unifies vocabulary across disciplines
- Defines common components and elements
- Defines common information requirements
- Standardizes practices for things like policies and training
- Identifies communication for everyone involved
It’s not enough to aggressively move toward established objectives. For success, we must consider the boundaries of laws, social mores, and uncertainties regarding potential risks and rewards.
Nor can the management of risk, compliance, and ethical conduct be separated from the objective-seeking activity. Everything must be brought into alignment and operated through fully integrated governance, risk management, and compliance capabilities.
The Red Book remains true to the above goals and true to the core framework OCEG has taught for over 20 years:
- LEARN about the organization's context, culture, and key stakeholders to inform objectives, strategy, and actions.
- ALIGN strategy with objectives, and actions with strategy, using effective decision-making that addresses values, opportunities, threats, and requirements.
- PERFORM actions that promote and reward desirable things, prevent and remediate undesirable things, and detect when something happens as soon as possible.
- REVIEW the design and operating effectiveness of the strategy and actions, as well as the ongoing appropriateness of objectives to improve the organization.
Special All Access Pass Edition
In addition to the updates made in this milestone edition of the Red Book, All Access Pass holders have access to a special edition of the GRC Capability Model (available in English at this time).
This special edition includes a Tools & Techniques Appendix with 90 resources to enhance a GRCP’s ability to understand and implement the concepts taught throughout the framework.
Have an All Access Pass? Access your EXCLUSIVE version of The Red Book today.
Additional companion infographics in the OCEG GRC Capabilities Illustrated series.
- LEARN Component Illustration
- ALIGN Component Illustration
- PERFORM Component Illustration
- REVIEW Component Illustration