Red Book 2.0 Released by OCEG with the GRC Capability Model


The Open Compliance and Ethics Group has released the second version of its Red Book about compliance models. OCEG’s Red Book 2.0 provides a guide for implementing and managing a GRC (Governance, Risk, and Compliance) system or an aspect of that system. Red Book 1, which came out in 2005, focused on “getting the compliance house in order.” This version takes a more holistic approach, incorporating the various elements as part of business processes.

It weighs in at 255 pages so I have lots of reading ahead.



