Open Compliance & Ethics Group
OCEG, or the Open Compliance & Ethics Group, is a non-profit think tank committed to achieving a society in which every organization and every individual aims to achieve goals, resolve confusion and act with honesty. It provides standards, resources, and certifications that help professionals become more efficient in their respective disciplines. OCEG's main goal was to create a future state that is more effective, more efficient, and able to address modern challenges (OCEG 2019). GRC standards recognize that the governance, management and assurance of performance, risk and compliance require common capabilities and methods (OCEG 2019).
With the help of these standards, an organization should be able to build reliable programs with confidence, meet regulatory requirements at an effective cost and achieve Principled Performance. The OCEG Red Book, or GRC Capability Model, is a collection of documents and practices used to improve performance. Its core standard provides a unified vocabulary across disciplines, defines common components and elements, defines common information requirements, standardizes practices for things like policies and training, and identifies communication for everyone involved (OCEG 2019).
The GRC Assessment Tools, or OCEG Burgundy Book, is a document that provides everything needed to assess or audit GRC capabilities. It helps organizations evaluate the design and operating effectiveness of their GRC capabilities, reduces the cost of such evaluations by eliminating the time and expense of creating procedures, and provides standards for external judgment and recognition of sound practices (OCEG 2019). It also offers a review process that enables the creation of improvement plans and raises the level of maturity and quality of GRC capabilities in all organizations (OCEG 2019). The GRC Technology Model, or OCEG Green Book, details the technology ecosystem. It describes the key technology categories that may be used to enable GRC capabilities and the features required, with technical aspects, in each category (OCEG 2019).
When talking about the GRC Capability Model, we focus on the four main components of its makeup. The Learn component examines and analyzes context, culture, and stakeholders to learn what the organization needs to know to establish and support objectives and strategies. Understanding the internal and external contexts in which an organization operates helps it achieve its objectives. The Align component aligns performance, risk, and compliance objectives, strategies, decision-making criteria, actions, and controls with the context, culture, and stakeholder requirements (OCEG 2019). Performance, risk and compliance indicators must align with established outcomes and decision-making criteria.
The Perform component addresses threats, opportunities, and requirements by encouraging desired conduct and events and preventing what is undesired, through the application of proactive, detective, and responsive actions and controls. To meet the goals of Principled Performance, organizations must mandate the actions and controls that ensure they address the uncertainty involved in pursuing their objectives. The Review component conducts activities to monitor and improve the design and operating effectiveness of all actions and controls, including their continued alignment with objectives and strategies (OCEG 2019).
In the Resource tab, there is a lot of information that can help one understand the infrastructure of OCEG. The featured section contains the standards along with diagrams that illustrate the Pathway to Principled Performance. In the free section, Third Party Risk Management in Financial Services is a helpful tool for understanding how outside parties can be involved in GRC.
Its four steps, 1) Plan and Prioritize, 2) Know the Third Parties, 3) Define and Address Risks, and 4) Monitor and Improve, are the steps a company takes to fulfill that objective.
All these resources, in my opinion, provide a step-by-step path to success for an organization. The Events section provides a monthly news feed on topics that can impact an organization and helps it prevent future risks by understanding how they may come about.
The Education section provides outreach and multimedia services that can help a professional become certified in Principled Performance. GRC Fundamentals, GRC Audit and GRC Tech Talks are just a few of the many educational courses offered to keep practitioners knowledgeable in this discipline. The three pillars of Principled Performance all carry their weight in ensuring sustained success. Purpose is needed to guide everything the organization lays out. People provide leadership, morals and strong character toward achieving the purpose. Pathway is the road taken to keep an organization on track, whether through risk management or compliance.
The ten Universal Outcomes all play a role in benefiting Principled Performance. 1) Achieve Business Objectives ensures all parts work together to achieve objectives; 2) Ensure Risk-Aware Setting of Objectives and Strategic Planning provides information about responsibilities to governing authorities; 3) Enhance Organizational Culture promotes a culture of performance; 4) Increase Stakeholder Confidence builds trust in the organization; 5) Prepare and Protect the Organization addresses risks and requirements while protecting the organization; 6) Prevent, Detect, and Reduce Adversity and Weaknesses prevents negative outcomes and addresses issues; 7) Motivate and Inspire Desired Conduct provides incentives and rewards for desirable conduct; 8) Stay Ahead of the Game is a form of learning that supports quick changes and avoids obstacles; 9) Improve Responsiveness and Efficiency covers the capabilities that make the organization responsive as a whole; and 10) Optimize Economic Return and Values allocates human and financial resources to maximize economic return (OCEG 2019).
The Certifications tab provides a wealth of programs that can be used to benefit a professional's objectives. Qualsys is said to be the #1 GRC certification for the quality professional. The GRC Professional Certification is for an individual professional who needs a core understanding of GRC processes and capabilities, making sure they are well equipped for the rigors of compliance and know how to manage risk. It covers 1) principles, outcomes and key terms, 2) core components, practices and activities, and 3) the relationship of GRC to other disciplines (OCEG 2019).
The article they chose to summarize was Managing Cyber Risk: A Multidisciplinary Challenge. The purpose of this article was to inform the reader of new ways that cyber-attacks are being carried out in today's environment. In one watering hole attack it describes, malware was hidden in the online menu of a restaurant that an employee visited. The article goes on to say that compliance and risk teams need stricter policies and procedures to build a defense against these new, creative attacks, and it uses the GRC Capability Model as the mainstay for establishing protections against them. Everyone can play a part in protecting the security of their colleagues.