GRC Professional Certification (GRCP™)

GRCP is the foundation of all other certifications. This certification ensures that an individual has the core understanding and skills to integrate governance, performance management, risk management, internal control and compliance activities. This certification covers:

  • Basic terms and definitions
  • Principles of GRC
  • Core components, practices and activities
  • Relationship of GRC to other disciplines

As a foundational certification, the GRCP exam tests a broad range of areas. These areas were determined by conducting an extensive job analysis of over 500 GRC Professionals in June 2010. A GRC Professional is defined as:

“An individual that spends substantial time helping an organization achieve principled performance by leading, planning, performing, enabling, integrating or auditing governance, performance management, risk management, internal control, compliance or ethics activities”

Participants in the job analysis were asked to analyze over 200 skills and determine their significance to a GRC Professional, a GRC Executive or a GRC Auditor. The job analysis and other research yielded a competency model which serves as a blueprint for the GRCP and other exams.

GRCP Competencies / Exam Areas

General Knowledge (30%)

  • Understand key terms and definitions related to GRC
  • Understand key principles and business drivers behind GRC
  • Understand the benefits of integrating GRC
  • Understand how GRC relates to other disciplines / professions
  • Understand key frameworks in the areas of corporate governance, risk management, internal control, compliance and ethics

Context & Culture (5%)

  • Understand and analyze external business context
  • Understand and analyze internal business context
  • Understand and analyze organizational culture
  • Understand and analyze organizational values and objectives

Organize & Oversee (10%)

  • Define and obtain commitment to GRC objectives
  • Define key roles and responsibilities for the GRC capability
  • Define overall approach to the GRC capbility and accountability for specific areas

Assess & Align (15%)

  • Identify risks and opportunities
  • Analyze risks and opportunities
  • Define a plan to address risks and opportunities

Prevent & Promote (10%)

  • Design and implement actions and controls that prevent (or reduce) adverse events and conduct
  • Design and implement actions and controls that promote  favorable events and conduct
  • Use important tools such as:
    • Policies and Procedures (including codes of conduct)
    • Awareness and Education
    • Human Capital Incentives
    • Stakeholder Relations
    • Financing and Insurance

Detect & Discern (10%)

  • Design and implement actions and controls that detect and discern when important events occur
  • Design and implement ways for individuals to report events to the organization
  • Design and implement ways for the organization to ask individuals about the occurrence of important events

Respond & Resolve (10%)

  • Design and implement actions and controls that respond to and resolve adverse events after they are detected
  • Conduct internal reviews and investigations
  • Respond to third-party inquiry and investigations
  • Perform crisis response and recovery
  • Fix root causes of adverse events

Monitor & Measure (5%)

  • Monitor the external and internal context for changes that impact GRC capability design
  • Monitor the performance of the GRC capability
  • Make improvements to the GRC capability and the organization
  • Provide assurance that the GRC capability is effective, efficient and agile

Inform & Integrate (5%)

  • Manage information and documentation associated with the GRC capability
  • Communicate with internal and external stakeholders about the performance of the GRC capability
  • Apply technology to enable the GRC capability
 

Secure Server