OCEG’s GRC Capability Model – A Pioneering Approach Towards Integrity of Organizations


What is OCEG?

OCEG is a nonprofit think tank that is dedicated to achieving a world where every organization and every person strives to achieve objectives, address uncertainty and act with integrity. OCEG invented GRC (the integration of governance, risk management and compliance) and the GRC Capability Model as the means to achieve Principled Performance: the ability to reliably achieve objectives while addressing uncertainty and acting with integrity. OCEG informs and empowers a community of more than 65,000 members worldwide, helping to advance knowledge of how to integrate and mature governance, risk management, and compliance.

Independent of specific professions and domains of risk, we provide content, best practices, education, and certifications to drive leadership and business strategy through the application of the OCEG GRC Capability Model. OCEG’s GRC Professional (GRCP) and GRC Audit (GRCA) certifications are the only credentials that evidence an individual’s capability to apply the GRC Capability Model and assist organizations in improving GRC.

OCEG’s GRC Capability Model (also known as the OCEG Red Book) provides open source standards, available for free. Founded in 2002, OCEG is headquartered in Phoenix, Arizona. To access the OCEG Red Book and for more information, visit www.oceg.org.

At the turn of the century, in the early 2000s, scandals rocked the global economy, evaporating millions of jobs and trillions of dollars of wealth. At the root of these scandals were siloed, misguided, and ineffective systems intended to address governance, risk, compliance and ethics. For example, strategic systems were separate from performance management systems, which were separate from risk management systems, which were separate from compliance management systems, and so on. Unfortunately, this “siloed approach” was all too common, and the seeds of future problems continued to grow in this deficient state.

OCEG wanted to create a future state that was more effective, more efficient and able to address modern challenges. The ideas behind Principled Performance and GRC were developed to break down the silos between governance, strategy, performance management, risk management, compliance management, internal audit and other departments, and were published as open source standards so that everyone could have access. This means that people from diverse backgrounds and professions can get on the same page and become more principled performers:

  • Governance and strategy
  • Risk management
  • Audit and internal audit
  • Compliance and legal
  • Ethics and culture
  • IT

Governance, risk management, and compliance (GRC) represents a coordinated approach to achieve efficiencies in an organization’s activities of corporate governance, risk management, and compliance with regulations. While “big data” is being harnessed to free the human mind from number crunching to perform higher-level analysis, GRC is an area that is benefitting from the availability of not only more data, but also the ability to assimilate data from different areas of an organization’s activities.

The GRC Capability Model contains 8 integrated components, each embodying a number of related Practices:

  1. C. Context
    Understand the current culture and business context so that the organisation can address, and proactively influence, conditions to support objectives.

    C1-External Context
    C2-Internal Context
    C3-Culture
    C4-Objectives
     
  2. O. Organise
    Organise and oversee an integrated capability that enables the organisation to reliably achieve objectives while addressing uncertainty and acting with integrity.

    O1-Commitment
    O2-Roles
    O3-Accountability
     
  3. A. Assess
    Identify threats, opportunities and requirements; assess the level of risk, reward and conformance; and align an approach to reliably achieve objectives while addressing uncertainty and acting with integrity.

    A1-Identification
    A2-Analysis
    A3-Planning
     
  4. P. Proact
    Incent desirable conditions and events, and prevent undesirable conditions and events, with management actions and controls.

    P1-Proactive Actions and Controls
    P2-Codes of Conduct
    P3-Policies
    P4-Education
    P5-Incentives
    P6-Stakeholder relations
    P7-Risk Financing
     
  5. D. Detect
    Detect ongoing progress toward objectives, as well as actual and potential undesirable conditions and events, using management actions and controls.

    D1-Detective Actions and Controls
    D2-Notification
    D3-Inquiry
     
  6. R. Respond
    Respond to desirable conditions and events with rewards, and correct undesirable conditions and events so that the organisation recovers from and resolves each immediate issue and improves future performance.

    R1-Responsive Action and Controls
    R2-Internal Investigation
    R3-Third-Party Investigation
    R4-Crisis Response
    R5-Remediation
    R6-Rewards
     
  7. M. Measure
    Monitor, measure and modify the GRC capability on a periodic and ongoing basis to ensure it contributes to business objectives, while being effective, efficient and responsive to the changing environment.

    M1-Context Monitoring
    M2-Performance Monitoring
    M3-Systemic Improvement
    M4-Assurance
     
  8. I. Interact
    Capture, document and manage GRC information so that it efficiently and accurately flows up, down and across the extended enterprise, and to external stakeholders.

    I1-Info Management
    I2-Communication
    I3-Technology

Ensuring 8 Universal Outcomes:

  1. Achieve Business Objectives:
    Every GRC capability must contribute to attaining the desired business objectives;
  2. Enhance Organisational Culture:
    Inspire and promote a culture of performance, accountability, integrity, trust and communication;
  3. Increase Stakeholder Confidence:
    Increase stakeholder confidence and trust in the organisation;
  4. Prepare and Protect the Organisation:
    Prepare the organisation to address risks and requirements; and protect the organisation from negative consequences of adverse events, noncompliance and unethical behaviour.
  5. Prevent, Detect and Reduce Adversity:
    Discourage, prevent and provide consequences for misconduct; reduce the tangible and intangible damage caused by adverse events, noncompliance and unethical behaviour, and the likelihood of similar events happening in the future;
  6. Motivate and Inspire Desired Conduct:
    Provide incentives and rewards for desirable conduct, especially in the face of challenging circumstances;
  7. Improve Responsiveness & Efficiency:
    Continuously improve the responsiveness (timeliness and agility) and efficiency (speed and quality) of all GRC Capability activities while improving effectiveness (the ability to meet objectives and requirements);
  8. Optimise Economic & Social Value:
    Optimise the allocation of human and financial capital to GRC capability activities to maximise the value generated, benefitting the organisation and the society in which it operates.
Publisher: Plianced Inc.