OCEG GRC Professional Certification (Malaysia)

The GRC Professional Training Course is a first-of-its-kind course in Malaysia. Under license from the Open Compliance & Ethics Group (OCEG), the course helps individuals develop a core understanding and skills to integrate governance, risk management and compliance in one capability.

The three-day course comprises:

  • a hands-on workshop with practical case studies
  • real-life example exercises incorporating worldwide best practices
  • a project on the design of an integrated GRC capability across your organisation

Course attendees will be provided with the OCEG GRC Capability Model, relevant templates and tools, as well as GRC software for easy tracking and reporting, to set up their own GRC capability.

This course also prepares you to successfully pass the GRC Professional (GRCP) certification exam and become individually certified as a GRCP. The GRCP certification shows the individual has the core understanding and skills to integrate corporate governance, risk management, internal control and compliance activities. No pre-qualifications are required to take the course.

Learning Outcomes

Course participants will achieve the following objectives:
  • Develop a GRC strategic plan
  • Align governance, risk and compliance in context of the organisation
  • Understand, define, and enhance organisational culture as it relates to performance, risk, and compliance
  • Implement effective, efficient and agile GRC processes using the OCEG GRC Capability Model
  • Motivate and inspire desired conduct through the concept of Principled Performance
  • Understand technology’s role in GRC
  • Develop ongoing monitoring and continuous improvement of GRC activities through metrics and measurement
  • Explain the value of Principled Performance, and an integrated approach to GRC, to your management and board

Course Overview


  • Introduction to OCEG
  • The use of frameworks
  • Available GRC individual certifications
  • Business context and the need for a GRC approach and Principled Performance
  • The “Big” picture of business illustration
  • Defining Principled Performance
  • Advantages of Principled Performance

Governance, Risk Management & Compliance Basics Module

  • Defining common GRC terms
  • GRC concepts
  • GRC roles and responsibilities (e.g. audit, legal, human resources, IT, compliance, risk management, ethics, the boards, etc.)
  • Gaining commitment from senior management and the board
  • Overview of the OCEG GRC Capability Model
  • Implementing the OCEG GRC Capability Model at an organisation

Learn Component

  • Understanding the external context of your organisation
  • Understanding the internal context of your organisation
  • Understanding and assessing culture
  • Understanding relevant stakeholders and developing a stakeholder relations plan

Align Component

  • Setting direction and management decision-making criteria in accordance with mission, vision and values
  • Defining high-level and lower-level objectives
  • Identifying opportunities, threats and requirements for your organisation
  • Assessing levels of reward, risk and compliance – inherent and residual basis
  • Designing relevant actions and controls in order to respond to levels of reward, risk and compliance

Perform Component

  • Determining the right mix of proactive, detective, and responsive internal controls
  • Developing relevant policies and procedures
  • Providing communication to the right people, in the right way, at the right time
  • Delivering education to relevant individuals
  • Designing and implementing appropriate incentives
  • Designing notification methods to detect desired and undesirable events
  • Designing inquiry methods to detect desired and undesirable events
  • Responding to desired and undesirable events

Review Component

  • Monitoring the GRC capability
  • Providing assurance on the GRC capability
  • Making improvements to the GRC capability

GRC Strategy

  • Elements of a GRC strategic plan
  • Completing risk and compliance assessments as a starting point
    • Fraud risk assessment
    • Organisational risk assessment
    • Compliance gap analysis
  • Moving from the current state to desired state
  • Degrees of integration and maturity models
  • Building and explaining the business case for integrated GRC

GRC Professional Exam Preparation Module

  • GRCP exam areas
  • Exam resources
  • Sample GRCP exam questions and answers

Delivery Format

  • Lecture style
  • Video clips
  • Discussion

Trainers & Consultants

  • Azhar Azib, GRCP, CIPM, CIPT
  • Celine Chew, GRCP, CIPM, CIPP/A, CIPT, FIP
  • Kevin Shepherdson, GRCP, CIPM, CIPP/A, CIPT, FIP
  • Sanjeev Gathani, GRCP, GRCA, CIPM
  • William Hioe, GRCP, CIPM, CIPP/A, CIPT, FIP


3 full days

Ideal For

  • Internal auditors
  • Compliance professionals
  • Governance professionals
  • Risk management professionals
  • GRC professionals
  • Legal professionals
  • IT professionals dealing with GRC
  • Managers responsible for GRC activities
  • Executives and board members

Programme Fee

Normal Fee: RM 11,500.00

Introductory Fee: RM 9,500.00 (register before 1 July 2016)

Group Booking: RM 9,500.00 (3 and more from the same organisation)

  • Includes 3 days of training
  • Covers all other relevant required fees including reference guides, course notes, exam fees, practice exam fees & online training
  • Includes 1 annual user license to GRACIAs (Governance, Risk Assessment, Compliance & Internet Audit System) worth S$5,000

Course Dates

September 2017

Day 1: 11 Sep 2017
Day 2: 12 Sep 2017
Day 3: 13 Sep 2017