A proverb states: “Where there is no guidance, a people falls, but in an abundance of counselors there is safety.” Much of the GRC world – with its various professional stovepipes – has struggled for guidance and direction on how to effectively integrate and define common processes for Governance, Risk, & Compliance. Sure, we have a variety of GRC-related professions (e.g., legal, risk, compliance, finance, IT, audit, investigations, ethics, etc.) with their corresponding associations (many of which are superb). The issue has been integration, communication, and collaboration between these processes to bring a sustainable, consistent, efficient, accountable, and transparent view across GRC roles and processes.
- The GRC Rosetta Stone in the OCEG Red Book 2.0. OCEG has delivered the most comprehensive and practical process model for managing GRC and its interrelationships within business processes. Varying roles across the organization can leverage and integrate their specific frameworks and standards into a common GRC methodology. This provides a common framework to support collaboration, accountability, and transparency across the organization.
- User experience and validation. Not only has Red Book 2.0 been released, but OCEG has been hard at work building the validation framework for GRC in the Burgundy Book. Specifically, organizations such as AON, Archer Daniels Midland, Dell, Staples, Ventura Foods, and WalMart demonstrated their measurement and use of Red Book for GRC through validation of the Burgundy Book model.
- Upcoming release of the online GRC Directory. OCEG announced its partnership with yours truly (Corporate Integrity, LLC) on the July release of an online directory to catalog GRC technology and service/consulting providers. The taxonomy for the technology providers will be based around the OCEG IT Blueprint ‘Technology Arenas.’ Currently, Corporate Integrity has cataloged over 1100 technology and service provider firms in the GRC EcoSystem that will be part of this online directory.
- Product validation of technology vendor GRC claims. With the OCEG GRC IT Blueprint providing practical guidance on the relevance and taxonomy of IT to support GRC business processes, OCEG also brought forth plans to have independent validation of products mapped to the GRC IT Blueprint. This helps organizations looking for technology to vet vendor claims to deliver specific functionality.
- Providing workshops and bootcamps to educate the GRC community. To help kickstart GRC programs and initiatives – and provide common education and guidance on OCEG Red Book and other materials – OCEG announced its plans to roll out online GRC Fundamentals training as well as in-person GRC Fundamentals & Red Book 2.0 BootCamps. In conjunction with OCEG, Corporate Integrity will be delivering one of the first GRC Fundamentals & Red Book 2.0 BootCamps in August.
- Expansion of the GRC community. With the release of the new OCEG website scheduled for late June/early July, OCEG will also be delivering online GRC communities where individuals and organizations can interact in online (as well as physical) forums around specific risk/interest, role, geography, and industry areas.
- Globalization of OCEG. Since its inception, OCEG has met the needs of U.S. companies, including large multi-national organizations operating globally. Over the past few years OCEG has seen growing interest from around the world, and it now has members in over 68 countries. OCEG has revealed the next steps to provide online communities that support geographies, international issues, and guidance development. It is also partnering with other associations around the world to form a community of associations that works to bring GRC guidance to the diverse GRC roles within business. The goal is to provide an international hub of information as well as interaction with other GRC-related associations and professionals.