Successfully Integrating
GRC Capabilities Training

In this interactive GRC training you will learn how to efficiently design, implement, and enhance the GRC capabilities within your organization, based on the GRC Capability Model from OCEG, the organization that invented GRC.

You will learn the language of GRC and how to develop a GRC road map for your organization.

This program also prepares you to enhance your professional credentials by taking the GRC Professional certification exam, offered by OCEG's affiliate organization, GRC Certify.

In fact, over 90% of participants pass the GRC Professional exam on their first attempt!

Upcoming Sessions

This course in now a video on-demand course, so you can get the training any where, any time, and on any device. No need to travel.

Training to Obtain Your GRC Professional on cRisk Academy
(video course + workbook+ extra questions):

Training to Obtain Your GRC Professional on Mefford Associates
(video course + workbook + extra questions + coach and Q&A with instructor):

See What Others Are Saying

I participated Jason Mefford’s GRC Professional training. In addition to being such an enjoyable and great experience itself, the training provided me with a variety of new tools and ideas how to manage and promote GRC and ethics in our organization. Although I had been working with similar kind of topics for more than 10 years before the training, the new way how to combine, present and explain GRC to different organizations and in different contexts really supported my work.

Jyri Wesanko, TeliaSonera Group

This training provided me with information that helps me see the bigger picture. It will be valuable in both the performance of my job, but also in building on my professional skills. I plan to share the GRC model with my team and use it when approaching new projects. I actually feel confident that I could set up a new GRC program at a company using my current experience and this model.I really enjoyed the course and Jason's presentation. I would highly recommend this training to all levels of GRC professionals.

Stuart McNeill, Oil States International

Jason has great facilitation skills. The sharing of real-life experiences by Jason and the course participants enhanced the whole learning experience.

Patricia Jalleh, Enterprise Risk Asia

I took a Governance, Risk Management & Compliance (GRC) training with Jason and was impressed with his level of knowledge, creativity in teaching, and, after I took his course, I passed the GRCP certification exam without problems. I would highly recommend him for a high-value and fun GRC training.

Lubna Maria Elia, Root Capital

The professional interactions among, and exchange of information between participants was so valuable.  The program information is invaluable in helping me share and implement GRC capability concepts.

Stella Acosta, Motor Car Parts of America

Jason’s approach is to allow the exploration of ideas and concepts while still sticking to the agreed material and timescales. The addition of real life experience really brings to life the application of OCEG principles.

Alex Hollis, EMC / RSA

Industry Recognition for GRCP Certification

The GRC Professional certification is the best GRC certification to have if you are a professional working in GRC.  It is backed by OCEG, the organization that invented GRC, and has received industry recognition from the following sources:

OCEG GRC Professional listed as #5 of “18 Certifications Worth Having”

About the Course

Through lectures and practical group interaction, discussions, and exercises, you will learn about:

  • Defining a GRC strategy
  • Integrating and improving corporate performance, risk and compliance programs
  • Strengthening core business processes
  • Improving use of technology to support the integrated governance, management, and assurance of performance, risk, and compliance
  • Successfully pass the GRC Professional certification exam

There simply is no other training program that provides you with the skills, resources, and practical examples you need to help your organization improve its GRC capability by implementing the publicly vetted open source standards set out in OCEG’s GRC Capability Model.

At the heart of the seminar is the OCEG GRC Capability Model. Although various standards and frameworks exist to address discrete portions of governance, risk management and compliance issues, the OCEG GRC Capability Model is the only open standard that provides comprehensive and detailed practices for an integrated GRC capability.

Organizations can use the GRC Capability Model to address a broad GRC program across the organization or develop a structure within domains of GRC (e.g., legal, compliance, risk management, audit). The goal is to make GRC processes more effective, efficient, and agile to the needs of the business.

Introduction to OCEG and the GRC Capability Model

  • The use of frameworks
  • Available GRC individual certifications
  • Business context and the need for a GRC approach and Principled Performance
  • The “Big” picture of business illustration
  • Defining Principled Performance
  • Advantages of Principled Performance Governance, Risk Management & Compliance Basics Module
  • Defining common GRC terms
  • GRC concepts
  • GRC roles and responsibilities (e.g. audit, legal, human resources, IT, compliance, risk management, ethics, the boards, etc…)
  • Gaining commitment from senior management and the board
  • Overview of the OCEG GRC Capability Model
  • Implementing the OCEG GRC Capability Model at an organization

Learn Component

  • Understanding the external context of your organization
  • Understanding the internal context of your organization
  • Understanding and assessing culture
  • Understanding relevant stakeholders and developing a stakeholder relations plan

Align Component

  • Setting direction and management decision-making criteria in accordance with mission, vision and values
  • Defining high-level and lower-level objectives
  • Identifying opportunities, threats and requirements for your organization
  • Assessing levels of reward, risk and compliance – inherent and residual basis
  • Designing relevant actions and controls in order to respond to levels of reward, risk and compliance

Perform Component

  • Determining the right mix of proactive, detective, and responsive internal controls
  • Developing relevant policies and procedures
  • Providing communication to the right people, in the right way, at the right time
  • Delivering education to relevant individuals
  • Designing and implementing appropriate incentives
  • Designing notification methods to detect desired and undesirable events
  • Designing inquiry methods to detect desired and undesirable events
  • Responding to desired and undesirable events

Review Component

  • Monitoring the GRC capability
  • Providing assurance on the GRC capability
  • Making improvements to the GRC capability

GRC Strategy

  • Elements of a GRC strategic plan
  • Completing risk and compliance assessments as a starting point
  • Fraud risk assessment
  • Organizational risk assessment
  • Compliance gap analysis
  • Moving from the current state to desired state
  • Degrees of integration and maturity models
  • Building and explaining the business case for integrated GRC

GRC Professional Exam Preparation Module

  • GRCP exam areas
  • Exam resources
  • Sample GRCP exam questions and answers


fedora2 transparent tinyJason Mefford is a sought after speaker, business trainer and coach on ethics, corporate governance, risk management, GRC, compliance and internal audit topics. He helps organization think differently by becoming Principle Performers to help them reliably achieve their objectives, while addressing uncertainty and acting with integrity.

He is currently the President of Mefford Associates, a professional training, coaching and boutique advisory firm and is also a Brian Tracy certified trainer and business coach. Jason has spent many years training and coaching top business professionals all over the world, and is consistently rated as one of the leading experts and most effective speakers and trainers in the world.

He is the author of Risk-Based Internal Auditing, and was a contributing author on the OCEG GRC Capability Model v3.0. He is also a fellow with the Open Compliance and Ethics Group (OCEG) a nonprofit think tank that uniquely helps organizations drive Principled Performance® by enhancing corporate culture and integrating governance, risk management, and compliance processes.

The concept of Principled Performance® allows organizations to reliably achieve their objectives, while addressing uncertainty, and acting with integrity – the principles necessary for organizations to succeed over the long-term.

Jason has been the chief audit executive at two different multi-billion dollar manufacturing companies. His role also included being in charge of information security and being the Chief Ethics and Compliance Officer and Chief Risk Officer. Prior to that he was a manager at both Arthur Andersen and KPMG, performing internal and external audits and advisory services for clients in various industries. He was also a national instructor at both firms.

Jason is a Certified Internal Auditor (CIA), Certified Public Accountant (CPA), Governance, Risk Management and Compliance Professional (GRCP), GRC Auditor (GRCA), Certified Risk Based Auditor (CRBA), Certificate in Risk Management Assurance (CRMA) and Certified Internal Controls Auditor (CICA). He is a member of the Institute of Internal Auditors (IIA) and has been an active IIA volunteer serving at the local and international level.

He is currently an OCEG Fellow with the Open Compliance and Ethics Group (OCEG) a nonprofit think tank that uniquely helps organizations drive Principled Performance® by enhancing corporate culture and integrating governance, risk management, and compliance processes. He is also the Managing Director of GRC Certify, the certification body for OCEG.

He has been recognized by Yale University as a rising star in corporate governance, and was a finalist for the Corporate Secretary Magazine rising star in corporate governance award.

Jason is a graduate of Boise State University (BBA, Accountancy) and the University of Southern California’s Marshall School of Business (MBA).

Learning Objectives

  • Develop a GRC strategic plan
  • Align governance, risk and compliance in context of the organization
  • Understand, define, and enhance organizational culture as it relates to performance, risk, and compliance
  • Implement effective, efficient and agile GRC processes using the OCEG GRC Capability Model
  • Motivate and inspire desired conduct through the concept of Principled Performance
  • Understand technology’s role in GRC
  • Develop ongoing monitoring and continuous improvement of GRC activities through metrics and measurement
  • How to explain the value of Principled Performance, and an integrated approach to GRC, to your management and board

This is a basic to intermediate course and there are no prerequisites or advanced preparation.

Field of Study: Management Advisory Services

This is a group live event for NASBA authorized continuing education credit. Attendees who are All Access Pass holders or enterprise members of OCEG will receive a certificate of completion of this event indicating 24 hours of CPE.

To register for this event, please click on the Registration button at the top of the page.

OCEG is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have the final authority on the acceptance of individual courses for CPE credit.

Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: For information regarding administrative issues such as complaints or refunds please contact

This is an OCEG training course, presented by Mefford Associates, an approved OCEG training partner.

This course is suitable for executives, managers and key staff in all GRC roles (including risk, audit, compliance, ethics, legal, performance, IT, etc…).

Members of technology providers and professional service firms will also benefit from understanding the issues and approaches to GRC challenges faced by organizations they seek to serve.

Individual Benefits

  • Differentiate yourself from the competition
  • Prepare to successfully pass the GRC Professional certification exam and come away with helpful information and suggestions for passing, including sample questions and answers
  • Become a sought after expert in GRC and gain an advantage in the competitive job market
  • Increase your potential earnings (certified individuals can earn up to 40% more than those without certification)
  • Network with other professional in GRC roles, including an OCEG Fellow, and contributing author of the OCEG GRC Capability Model v3.0

Organizational Benefits

  • Raise the GRC bar and boost stakeholder confidence
  • Meet legal/regulatory compliance obligations effectively
  • Improve responsiveness, efficiency and strategic business decisions
  • Protect and enhance your brand and avoid fines, penalties and reputation damage
  • Demonstrate GRC implementation, auditing and consulting expertise
  • Differentiate from your market competitors
  • Increase the value of your GRC consultants

Not Sure if This Trainings is Right for You?

  • Are you new to a GRC role at your organization?
  • Do you need to develop, or improve your plan for dealing with GRC in an integrated manner?
  • Are you interested in adding a valuable individual certification to your resume or CV?
  • Do you want to network with other companies trying to implement integrated GRC capabilities?
  • Would you like practical tools you can apply at your organization, the day you get back from training?
  • Would you like some free advice and help from an internationally recognized expert in GRC who helped author the GRC Capability Model?

If you answered yes to any of those questions, all of the trainings apply to you.  What are you waiting for?  Sign up today and you will be one step closer to having your questions answered.

OCEG GRC Capability Model

The OCEG GRC Capability Model (or Red Book) helps GRC professionals plan, assess, and improve their GRC capabilities in order to achieve Principled Performance. Principled Performance is the healthy and vigorous state of being that enables organizational success. It can only be achieved by integrating and aligning information and core functions, and supporting them with strong communication, effective technology, and development of the desired culture.

The GRC Professional training course teaches how to apply the OCEG GRC Capability Model at an organization to develop an integrated GRC capability.

Mefford Associates is an authorized training partner of OCEG, and the only place you can get this valuable training based on the OCEG GRC Capability Model.