
“CGRC™”
Certified in Governance, Risk, Compliance (GRC)™
Certification Training
Course Description
This course provides an introduction to Governance, Risk Management/Internal Controls, and Compliance (GRC) which includes Information Security/Information Technology GRC (IS/IT-GRC). Participants will gain foundational knowledge about the purpose and importance of GRC in organizations, along with practical tools to manage risks, implement internal controls, and ensure compliance with relevant standards and regulations.
Throughout the course, participants will learn how to efficiently integrate GRC into organizational practices, ensuring that risk management and compliance activities are effectively aligned with business goals, strategies, and objectives. Participants will gain insights into the interdependencies between governance structures, risk oversight, and compliance obligations. The course covers ALL key domains and components across multiple dimensions of GRC, including but not limited to the following: governance, risk management, technology integration, compliance, internal controls, operations, reporting, strategy, audit, assurance, security (incl. cybersecurity), ethics, culture, integrity, and more.
Learning Objectives
Upon successful completion of this course, participants will be able to:
Define the core concepts, principles, and objectives of Governance, Risk Management, and Compliance (GRC), including market segmentation and key terminology.
Describe commonly used industry standards and frameworks for enterprise risk management (ERM) and compliance, including third-party and vendor risk management.
Explain regulatory requirements, industry norms, and compliance frameworks that support organizational integrity, operational performance, and reputational protection.
Identify the roles and responsibilities of stakeholders involved in GRC initiatives using real-world organizational scenarios.
Apply business and IT risk management strategies to address organizational risks and align with enterprise objectives.
Design and implement internal controls that include documentation, testing, integration, remediation, and monitoring to address key risk indicators (KRIs).
Evaluate audit and assurance practices within GRC, including policy development, compliance assessments, and internal audit coordination.
Assess the impact of GRC decisions on business continuity (BC) and disaster recovery (DR) planning.
Analyze the role of artificial intelligence, including generative AI, in enhancing GRC decision-making, automation, and operational efficiency.
Discuss current trends, regulatory developments, and emerging technologies influencing the GRC landscape.
Compare the benefits and challenges of GRC implementation, including the use of data warehousing, analytics, and business intelligence platforms.
Explore the evolution of GRC roles and functions, including implications for career development and workforce demand in governance, risk, and compliance domains.
Course Modules
Module 1: Introduction to GRC
1.1 Defining GRC and Its Strategic Role
1.2 Evolution, Pillars, and Market Maturity
1.3 Industry Applications and Tools for GRC Integration
Module 2: Governance Foundations
2.1 Principles, Structures, and Stakeholders in Governance
2.2 Governance Policies, Ethics, and Culture
2.3 Governance in Modern and Complex Environments
Module 3: Risk Management (ERM & IS/IT Risk)
3.1 ERM and IT/InfoSec Risk Principles and Categories
3.2 Risk Identification, Assessment, and Metrics
3.3 Emerging Risks, Resilience, and Risk Governance
Module 4: Compliance and Regulatory Frameworks
4.1 Compliance Program Structure and Objectives
4.2 Regulatory Frameworks, Standards, and Industry Requirements
4.3 Monitoring, Reporting, and Evolving Compliance Areas
Module 5: Internal Controls and Assurance
5.1 Internal Control Types, Design, and Documentation
5.2 Testing, Monitoring, and Assurance Functions
5.3 Automation, Cloud, and Control Failures
Module 6: Information Security and IT GRC
6.1 InfoSec Governance and Risk Frameworks
6.2 Cybersecurity Planning, Incident Response, and Compliance
6.3 Emerging Security Practices and Metrics
Module 7: Technology Enablement for GRC
7.1 GRC Platforms, Integration, and Automation
7.2 Data Insights, Privacy Tech, and Governance Standards
Module 8: Artificial Intelligence (AI) and Generative AI in GRC
8.1 AI Applications in GRC Monitoring and Testing
8.2 Governance, Ethics, and Legal Implications of AI in GRC
Module 9: Audit, Monitoring, and Performance Measurement
9.1 Internal Auditing and GRC Evaluation
9.2 GRC KPIs, Analytics, and Continuous Improvement
Module 10: Organizational Integration and Implementation
10.1 Aligning GRC with Strategy and Business Functions
10.2 Program Design, Communication, and Training
Module 11: Trends, Careers, and Future of GRC
11.1 Trends, Technologies, and Regulatory Futures
11.2 Careers, Skills, and Human-Centered GRC
Exam Domains
1. Governance – 15%
Covers the principles, structures, ethics, and culture that define how organizations are directed and controlled. Emphasizes the role of governance in aligning GRC with organizational strategy and stakeholder expectations.
2. Risk Management (ERM & IS/IT Risk) – 18%
Focuses on enterprise and IT-specific risk identification, assessment, mitigation, and governance. Addresses emerging risks, resilience, and integration with business objectives.
3. Compliance and Regulatory Frameworks – 13%
Covers regulatory expectations, compliance program design, industry standards, third-party risk, and evolving legal requirements, including how organizations maintain operational integrity and reputational trust.
4. Internal Controls and Assurance – 12%
Focuses on the design, documentation, testing, automation, and monitoring of internal controls. Includes assurance functions like policy enforcement, internal audit, and remediation strategies.
5. Information Security and IT GRC – 10%
Addresses the intersection of GRC with cybersecurity and information governance. Includes incident response, InfoSec frameworks, and risk-specific metrics and tools.
6. Technology Enablement for GRC – 8%
Introduces digital platforms and data technologies used to operationalize and integrate GRC functions. Covers data governance, automation, analytics, and privacy-enhancing technologies.
7. Artificial Intelligence (AI) in GRC – 7%
Focuses on the use of AI—including generative AI—in GRC processes such as monitoring, testing, and decision-making. Discusses the ethical, legal, and governance implications of AI adoption.
8. Audit, Monitoring, and Performance Measurement – 7%
Covers internal audit practices, compliance evaluation, and the use of key performance indicators (KPIs) and analytics to measure and continuously improve GRC effectiveness.
9. Organizational Integration and Implementation – 5%
Explores how GRC programs are aligned with business strategy and operationalized across departments. Includes change management, communication, and training components.
10. GRC Trends, Careers, and Future Outlook – 5%
Discusses evolving technologies, regulatory trends, workforce needs, and the future landscape of GRC roles and skills.
Who Should Attend This Program
Professionals with background(s) in:
Finance
Accounting
Audit and Assurance
Information Technology including Information Security
Legal, Ethics
HR/HC (Human Resources/Human Capital)
Public Relations, Communications, Marketing
Operations
Reporting
Compliance
Strategy
Governance
Risk Management
Internal Controls
Quality
Project Managers
and other professionals who are directly or indirectly involved with the course topic.
Course Prerequisites
2+ years professional work experience
(in one or more of the professions listed above)
Printed Certificates and Digital Badges Awarded?
Yes (at no extra charge)
Program Level
Overview (applies to all organizational levels)
Advanced Preparation/Pre-reading
None Required
Course Materials Provided For Training
Complete set of course notes
Practice questions/exam
All relevant handouts
Relevant templates
Case-study(ies)
Study guide
Glossary
Certification Exam
Offered during the last 2 hours of class (it may also be taken remotely after the class; see Remote Proctoring information)
The exam is multiple choice and timed; it contains no true/false questions
Answer 100 questions in 120 minutes
No negative points for wrong, missing, or changed answers during the exam
Weighting in the exam varies by domain
Open book exam
Must score at least 70% to pass
Exam expires 12 months after class
Exam retakes are offered for a fee
Additional Information
For delivery methods (including group-live classroom, group-internet-based virtual/online/remote, and self-paced self-study); training dates, times, and locations; number of exam attempts included for each delivery method; fields of study; NASBA CPEs; PDUs (self-report to PMI); CEUs (non-IACET); CPDs; attendance requirements; registration information; and any questions/concerns regarding refunds, complaints, transfers, substitutions, cancellations, and other terms and conditions, click the button below.