The non-profit Open Compliance & Ethics Group has released an updated version of its popular standards for corporate conduct and risk management, known as the Red Book.

The OCEG GRC Capability Model, or Red Book 2.1, provides a blueprint for companies to use to help improve their corporate governance, management and assurance of performance, risk and compliance plans and actions. Red Book 2.1 marks the third update to the manual since its original publication in 2005, which set out the elements of an effective GRC system.

Red Book 2.0, last updated in 2009, provided a blueprint for integrating and aligning corporate compliance, governance, and risk-management practices. In Red Book 2.1, “we clarify the integrated relationship between risk, compliance, and performance management, and the governance, assurance and management of each,” explains OCEG Chair Scott Mitchell.

OCEG President Carole Switzer says Red Book 2.1 also now includes an open source share and share alike license for the Red Book, which allows anyone to use and build upon the Red Book with open source expansions. “This means, for example, that a company may import the standards into any software solution they want to use, or may build training materials around the standards,” says Switzer.

Like the 2005 and 2009 updates, the latest guidance is publicly vetted and based on input from hundreds of governance, risk, compliance, audit, and ethics experts across a number of industries that have applied the Red Book over the last eight years.  

Red Book 2.1 can be downloaded from OCEG's Website here. Hard copies or spreadsheet versions may be purchased through the OCEG online store here.