GRC Certification – The Top 10 List

I've been getting a lot of questions lately about the GRC Professional Certification and the companion GRC Audit Certification. So, I thought I'd tackle them all at once.

Here we go with a list of the top reasons to get GRCP and GRCA certifications.

1. What is a GRC Professional?

An individual who spends substantial time helping an organization achieve principled performance by leading, planning, performing, enabling, integrating or auditing governance, performance management, risk management, internal control, compliance or ethics activities.

2. What is the GRC Professional Certification?

GRC Professional (GRCP) certification is the only credential that ensures understanding of the OCEG GRC Capability Model (Red Book). OCEG’s Red Book is the only true GRC capability model — and it is independent of a specific profession or vendor solution.

3. How do I get the GRCP certification?

You take an exam that is offered through the OCEG website. It is online and can be taken from anywhere at any time. It’s free for anyone who has an OCEG All Access Pass.

4. How do I prepare for the GRCP exam?

You prepare for the exam by using OCEG’s on-demand video GRC Fundamentals course (included with an All Access Pass) or by attending a deeper-dive two-day training program (see where and when on the OCEG events list).

5. How much does it cost to get and maintain the GRCP certification?

The GRCP exam and certification are now available for FREE, but only for those who have an OCEG All Access Pass. Basically, as long as you are a paid All Access Pass member of OCEG, you can qualify for and keep the GRCP credential. The All Access Pass also gives you a wealth of GRC resources, CPE credit for attendance at webinars, and more. Learn more about the All Access Pass.

6. How was the scope of the GRCP certification determined?

As a foundational certification, the GRCP exam tests a broad range of areas addressed in OCEG’s GRC Capability Model. These areas were determined by conducting an extensive job analysis of over 500 GRC Professionals in June 2010. Participants in the job analysis were asked to analyze over 200 skills and determine their significance to a GRC professional, executive or auditor. The job analysis and other research yielded a competency model that serves as a blueprint for the GRCP and GRCA.

7. What is a GRC Auditor?

OCEG defines a GRC Auditor as an individual who is proficient in using internal and external audit standards to audit GRC activities. This includes understanding, assessing, and evaluating key components, practices and activities to build and execute a risk-based audit plan for governance, performance management, risk management, internal control, compliance or ethics activities.

8. What is the GRC Audit (GRCA) Certification?

The GRCA certifies that an individual has the core understanding, skills, and competence to assess, evaluate and audit the performance of GRC activities and controls.

9. How do I get a GRC Audit Certification?

In order to qualify for the GRCA Certification an individual must:

  • Be a GRCP in good standing
  • Either hold a current and active CIA, CPA, CA, CISA or equivalent certification / license, in good standing, or have a minimum of three years of verifiable audit experience either as an internal auditor for an organization or in an audit or risk advisory role in a public accounting firm. To determine if your audit certification or license qualifies as an “equivalent,” please e-mail
  • Complete an approved GRCA training class: either the GRC Audit Video Series or a 1-day in-person, interactive session through an approved OCEG instructor (see the list of In-Person Events). The live event is required if you are relying only on audit experience without having a current certification/license as above.
  • Complete the GRCA application, which includes:
      • Professional license or certification verification
      • Professional experience documentation
      • Evidence of GRCA training completion
      • 100-250 word description of GRC audit activities performed
  • Maintain OCEG All Access Pass membership

10. Where can I get more information on GRCP and GRCA certifications for me or for my team?

There is more information available under Certifications on the OCEG site.