Despite warning signs, companies fail to see an emerging calamity, even when it is easily predictable. These threats underscore the importance of establishing an ethical culture and a more integrated approach to organizational oversight, comprehensive risk management and compliance.   

GRC: An Integrated Approach to Governance, Risk Management and Compliance  

Governance, risk management and compliance (GRC) are particularly critical to achieving Principled Performance®. Because there is significant overlap in the activities that underlie and support those broad areas, addressing all of these factors in an integrated fashion allows a consistent view of information and efficient application of resources. This enhances the power each individual process brings to the organization. 

GRC activities are fundamentally interconnected and depend on similar processes, people and technology. Integration of these activities does not mean consolidation: Integration means applying a common vocabulary, approach and, ideally, technology infrastructure to GRC processes. It also means coordinating the activities that ensure a flow of consistent information and enhance efficient use of resources. By establishing an integrated GRC system of people, processes and technologies, an organization can replicate improvements in one GRC area across others, enabling Principled Performance®. Once the GRC system is in place, companies can fine-tune their efforts as they move forward, reallocating human and capital resources to the GRC areas that need the most attention. 

The GRC Capability Model™ 

At the heart of the OCEG Framework is the GRC Capability Model™. Although various standards and guidance frameworks exist to address discrete portions of governance, risk management and compliance issues, the OCEG GRC Capability Model™ is the only one that provides comprehensive and detailed practices for an integrated GRC system. These practices address the many elements that make up a complete GRC system. Applying the elements of the GRC Capability Model™ and the practices within them enable an organization to: 

• Achieve business objectives 
• Enhance organizational culture 
• Increase stakeholder confidence 
• Prepare and protect the organization 
• Prevent, detect and reduce adversity 
• Motivate and inspire desired conduct 
• Improve responsiveness and efficiency 
• Optimize economic and social value 

The shortest distance between any organization and Principled Performance is application of the guidance and resources provided by OCEG. The OCEG Framework for Principled Performance® (the OCEG Framework) is relevant to those in oversight, strategic, operational and assurance positions. The OCEG Framework is centered on the GRC Capability Model™ (Red Book 2.0), which describes key elements of an effective GRC system that integrate the principles of good corporate gov¬ernance, risk management, compliance, ethics and internal control. 

Red Book 2.0 contains the GRC Capability Model™, the central piece of the OCEG Framework. It provides a comprehensive guide for anyone implementing and managing a GRC system or some aspect of that system – including those involved in compliance, training, hotlines and investigations. 

OCEG GRC Strategy, Process, & Technology Bootcamp . . . 

Join Corporate Integrity, LLC, one of the contributors to the OCEG Red Book 2.0, in a three-day basic training exercise in GRC Strategy, Process, and Technology.  

Attendees will receive value in understanding GRC and defining a GRC strategy that aligns to OCEG’s GRC Capability Model. This bootcamp is authorized and endorsed by OCEG 

The objective of this bootcamp is to provide attendees with the knowledge and hands-on practice necessary to efficiently design a GRC program based on the GRC Capability Model.   Attendees will learn about defining a GRC strategy and associated processes aligned with the GRC Capability Model through lectures and practical group interaction, discussions, and exercises.

Others, such as technology providers and professional service firms, benefit from understanding the issues and approaches to GRC challenges that organizations across industries are grappling with.

Learning Objectives . . .  

Attendees of the GRC Strategy, Process, & Technology Bootcamp will a practical understanding of the following learning objectives:

• Aligning risk and compliance in the context of business objectives 
• Understanding, defining, and enhancing organizational culture as it relates to GRC
• Implementing GRC processes that increase stakeholder confidence 
• How to prepare and protect the organization while preventing, detecting, and reducing adversity 
• Strategies to motivate and inspire desired conduct 
• Improve responsiveness and efficiency of GRC processes
• Optimizing the economic and social value or the organization
• Understanding technologies role in GRC
• How to develop a GRC strategic plan
• Ongoing monitoring of GRC activities through metrics and measurement

Workshop Agenda . . .  

The agenda day for Day 1 (8:00 am to 5:00 pm) is as follows :

• Introduction to OCEG
• Understanding and defining GRC & Principled Performance®
• GRC Fundamentals
• GRC Capability Model (Red Book)
• Detailed review of the OCEG GRC Capability Model & Red Book 

Day 2 (8:00 am to 5:00 pm) brings the lessons learned in Day 1 to a practical level with group exercises focused on:

• Continued review and implementation of the OCEG GRC Capability Model & Red Book 2
• Defining and executing a GRC strategy in your organization
• Implementing metrics, measurement, and improvement of the GRC program

Day 3 (8:00 am to 5:00 pm) applies world of technology enablement of GRC to the lessons learned in Day 1 and 2 with group exercises focused on:

• The Critical Role of Information Technology in GRC Management  
• The GRC Reference Architecture: Utilizing the GRC-IT Blueprint®  
• Conducting a GRC Technology Assessment 
• Developing Your GRC IT Roadmap & Action Plan

The fee includes a copy of slide handouts, OCEG’s GRC Capability Model, supporting GRC Illustrated Charts, as well as a contintental breakfast, lunch, and snacks each day.

Attendees will receive a certificate of completion of the GRC Strategy, Process, & Technology Bootcamp.

About Your Instructor. . . 

Michael Rasmussen, J.D., CCEP, and OCEG Fellow, is the authority in understanding Governance, Risk, and Compliance (GRC). He is a sought-after keynote speaker, author, and collaborator on GRC issues around the world. 

With more than 17 years of experience, Michael’s objective is to assist organizations in defining GRC processes that are sustainable, consistent, efficient, and transparent. He has contributed to US Congressional reports and committees, and has served on the Red Book Steering Committee and currently serves on the OCEG Leadershsip Council. Michael has been quoted extensively in the press. In June 2007, Treasury & Risk recognized Michael as one of the 100 most influential people in finance with specific accolades noting his work in “Governance and Compliance: Saving the Planet and the Corporation.” Most recently, in October 2008, he was recognized as a “Rising Star in Rocky Times: Corporate America’s Outstanding Executives Under the Age of 40.”