Chapter 11
OCEG Capability Model GRC Standards
The Open Compliance and Ethics Group (OCEG) is an industry-led nonprofit organization that develops standards and guidance to help enterprises enhance their governance, risk management, and compliance processes. OCEG is a relatively new organization and certainly did not exist at the time of the first edition of this book. With major support from the information technology (IT) systems industry, the OCEG has published several “standards” describing what it calls a governance, risk, and compliance (GRC) capability model. We have placed the word standards in quotes because the OCEG does not have the standards-setting authority that can be found in the American Institute of Certified Public Accountants' (AICPA's) standards or even in some of the ISO 31000 guidance discussed in Chapter 17.
This chapter reviews several of the currently published OCEG guidance materials, including the “Red Book” describing the GRC capability model, what OCEG calls its “Burgundy Book” on GRC capability processes, and related materials on XML, the Extensible Markup Language used in many Web applications. Many of these OCEG guidance materials are very similar to the other GRC and ERM framework material found in other chapters, but some have a slightly different emphasis or approach. Although it is a newer organization, we feel that the OCEG will have a significant impact on GRC processes in future years.
GRC Capability Model “Red Book”
OCEG's term “Open” in ...