Menu Close Menu

Menu

Account

What are the Critical Disciplines?

GRC isn't about a single discipline, profession or role. It requires collaboration between the "Critical Disciplines". After decades of research, our members have defined the best ways to help people like you work together.

GRC is an interdisciplinary endeavor that requires a diverse set of skills in your organization or on your team.

Critical Disciplines

Each discipline has areas where it excels and areas where it can learn from other disciplines.

When disciplines are fragmented and separate, we see problems. When they are integrated, they work together to achieve Principled Performance.

As professionals, we must collaborate and help our organizations achieve Principled Performance. And, in the process, we actually upgrade our own skills as well!

Critical Disciplines Used by PROTECTORS

People who work in governance, strategy, performance, risk, compliance, ethics, security, and audit apply the critical disciplines as "PROTECTORS"

Learn about the "Protector Code"

Governance & Oversight Discipline

The governance and oversight discipline addresses the way we constrain and conscribe activities of the organization or some part of it:

  • Set direction
  • Identify and establish boundaries
  • Allocate authority
  • Authorize performance, risk, and compliance systems
  • Shape a culture of integrity

Strategy & Performance Discipline

The strategy and performance discipline addresses the way we set objectives and key results; and how we map strategies and tactics to address opportunities, obstacles, and obligations:

  • Set objectives and key results
  • Identify opportunities, obstacles, and obligations
  • Align strategies and tactics
  • Manage performance, risk, and compliance systems

Risk & Decision Support Discipline

The risk and decision support discipline addresses the way we approach uncertainty and make sound decisions:

  • Identify risks
  • Assess risks
  • Address risks
  • Measure and monitor risks
  • Use decision science and support techniques

Compliance & Ethics Discipline

The compliance and ethics discipline includes the way we address obligations and the risks associated with both mandatory and voluntary boundaries:

  • Identify mandatory obligations
  • Identify and formalize voluntary obligations
  • Assess compliance and ethics risk
  • Set policy and procedures
  • Educate and communicate with the workforce
  • Inspire and shape an ethical culture

Security & Continuity Discipline

The security and continuity discipline addresses the way we approach significant risks and crises, especially those areas of the organization prone to attack or existential consequences:

  • Identify critical physical and digital assets
  • Assess related risks
  • Address related risks
  • Measure and monitor related risks
  • Use scenario planning and simulation to practice response
  • Perform crisis response when appropriate

Audit & Assurance Discipline

The audit and assurance discipline addresses the way we enhance internal and external stakeholders’ confidence that the organization is designed and operating effectively to reliably achieve objectives, address uncertainty, and act with integrity:

  • Prioritize assurance activities
  • Plan, perform, report, and monitor assessments
  • Use design and substantive testing techniques
  • Communicate with stakeholders and management to evaluate and enhance confidence
OCEG © 2002 - 2024 OCEG

Terms of Service

Privacy Policy

support@oceg.org

Contact Us

Information & Billing:
+1 (602) 234-9278

Principled Performance, Driving Principled Performance, Putting Principles Into Practice, OCEG, GRC360°, ActiveLearning, EventDay and LeanGRC are registered trademarks of OCEG.

Protector Skillset, Protector Mindset, Protector Code, Lines of Accountability, GRC Professional, GRCP, GRC Fundamentals, GRC Auditor, GRCA, GRC Audit Fundamentals, Data Privacy Fundamentals, Integrated Data Privacy Professional, IDPP, Policy Management Fundamentals, Integrated Policy Management Professional, IPMP, Integrated Audit & Assurance Professional, IAAP, Integrated Governance & Oversight Professional, IGOP, Integrated Strategy & Performance Professional, ISPP, Integrated Risk Management Professional, IRMP, Integrated Decision Management Professional, IDMP, Integrated Compliance & Ethics Professional, ICEP, Integrated Business Continuity Professional, IBCP, Integrated Information Security Professional, IISP are trademarks of OCEG.