Top Ten List – Questions About GRC Certifications

My colleague, Carole Switzer, President of OCEG, just did a fabulous post about some of the top questions we get about OCEG GRC certifications.  I want to share it with you in case you have any of the same questions or are considering how to get certified in GRC.

I am also very excited to share that the GRC Professional certification has made some top lists itself, proving the value of getting certified as a GRC Professional:


I’ve been getting a lot of questions lately about the GRC Professional Certification and the companion GRC Audit Certification. So, I thought I’d tackle them all at once. Here we go:

1. What is a GRC Professional? 

An individual that spends substantial time helping an organization achieve principled performance by leading, planning, performing, enabling, integrating or auditing governance, performance management, risk management, internal control, compliance or ethics activities.

2. What is the GRC Professional Certification?

GRC Professional (GRCP) certification is the only credential that ensures understanding of the OCEG GRC Capability Model (Red Book). OCEG’s Red Book is the only true GRC capability model — and it is independent of a specific profession or vendor solution.

3. How do I get the GRCP certification?

You take an exam that is offered through the OCEG website. It is online and can be taken from anywhere at any time. It's free for anyone that has an OCEG All Access Pass.

4. How do I prepare for the GRCP exam?

You prepare for the exam by using OCEG's on-demand video GRC Fundamentals course (included with an All Access Pass) or by attending a deeper dive two-day training program (see where and when at

5. How much does it cost to get and maintain the GRCP certification?

The GRCP exam and certification are now available for FREE but only for those who have an OCEG All Access Pass. Basically, as long as you are a paid AAP member of OCEG you can qualify for and keep the GRCP credential. And, the AAP gives you a wealth of GRC resources, CPE credit for attendance at webinars, and more. The AAP is $349 (but there is a Black Friday special offering a $100 discount – just visit and sign up with your LinkedIn profile then buy the AAP using code grc2015 while it is available).

6. How was the scope of the GRCP certification determined?

As a foundational certification, the GRCP exam tests a broad range of areas addressed in OCEG’s GRC Capability Model. These areas were determined by conducting an extensive job analysis of over 500 GRC Professionals in June 2010. Participants in the job analysis were asked to analyze over 200 skills and determine their significance to a GRC professional, executive or auditor. The job analysis and other research yielded a competency model that serves as a blueprint for the GRCP and GRCA.

7. What is a GRC Auditor?

OCEG defines a GRC Auditor as an individual who is proficient in using internal and external audit standards to audit GRC activities. This includes understanding, assessing, and evaluating key components, practices and activities to build and execute a risk-based audit plan for governance, performance management, risk management, internal control, compliance or ethics activities.

8. What is the GRC Audit (GRCA) Certification?

The GRCA certifies that an individual has the core understanding, skills, and competence to assess, evaluate and audit the performance of GRC activities and controls.

9. How do I get a GRC Audit Certification?

In order to qualify for the GRCA Certification an individual must:

  • Be a GRCP in good standing
  • Either hold a current and active CIA, CPA, CA, CISA or equivalent certification / license, in good standing, or have a minimum of three years of verifiable audit experience either as an internal auditor for an organization or in an audit or risk advisory role in a public accounting firm. To determine if your audit certification or license qualifies as an “equivalent,” please
  • Complete an approved GRCA training class either:
    • GRC Audit Video Series, or
    • 1-day in-person, interactive session through an approved OCEG instructor (see the list of In-Person Events) (live event required if you are relying only on audit experience without having a current certification/license as above)
  • Complete the GRCA application which includes:
    • Professional license or certification verification
    • Professional experience documentation
    • Evidence of GRCA training completion
    • 100-250 word description of GRC audit activities performed
  • Maintain OCEG All Access Pass membership

10. Where can I get more information on GRCP and GRCA certifications for me or for my team?

There is more information available at
