10 Reasons to Get An All Access Pass Today
Learn MoreThe purpose of the Burgundy Book is to provide GRC professionals, as well as those responsible for providing assurance, with a common set of assessment procedures that align with the OCEG GRC Capability Model (Red Book) and a common understanding of what can be expected during a capability assessment of a GRC Capability.
OCEG’s goals in creating the GRC Capability Assessment Tools are to:
The GRC Assessment Tools are designed to be scalable. The toolkit can be applied to a review of individual risk-specific programs (i.e., anti-fraud program, privacy program, etc.), discrete business units, sub- capabilities (i.e., hotline, risk management, values management, training, etc.) and the entire enterprise. It is also designed so that the same procedures may be used for self-assessment by GRC personnel, internal assurance to the Executive suite and the Board by Internal Audit, or external assurance for the Board and other stakeholders by third-party evaluators, generally CPAs or their equivalents.
Please note the current downloadable version of the Burgundy Book is based on the GRC Capability Model v2.1(Red Book). The Burgundy Book for the GRC Capability Model v3 will be available soon.