Of course good governance, risk and compliance isn't just about getting certificates on the wall. But they don't hurt either!
GRC certifications showcase commitment to quality, demonstrate professional expertise and work wonders for the paycheck - the 2017 Global Knowledge Salary Report identifies governance as the most lucrative professional certification, bringing an average global salary of $92,766 (£66,911) for accredited individuals.
We've identified the top 5 GRC certifications that the modern quality professional should aim for.
1. GRCP (Governance, Risk and Compliance Professional)
Offered by non-profit think tank OCEG, the GRCP certification acts as a baseline for other GRC qualifications with its broad focus. It demonstrates:
- Knowledge of the operation of the core GRC disciplines, from auditing to risk
- Understanding of the GRC capability model and its four elements: learning, alignment, performance and review
- Competence in advising on key GRC controls and functions, and integrating GRC processes into a holistic strategy
Participants prepare for the exam with OCEG's 'GRC Fundamentals' video course or a two-day training program. Best of all, the exam's free for OCEG All Access Pass members.
2. CGEIT (Certified in the Governance of Enterprise IT)
With its tighter focus, CGEIT is designed for professionals specifically managing IT governance for their business. A CGEIT certification demonstrates:
- The necessary expertise to manage and advance an enterprise's IT governance
- Understanding of how to optimise enterprise IT system frameworks to boost efficiency and effectiveness
- Competence in IT risk management to support information security processes
The CGEIT certification is provided by global information systems association ISACA.
3. PMI-RMP (Project Management Institute - Risk Management Professional)
The Project Management Institute offers a risk management accreditation to IT professionals, which builds on the risk-centric elements of CGEIT with a project-based focus. PMI-RMP certification requires:
- Confident knowledge in risk strategy, planning and processes
- Competence in monitoring and reporting IT risk and engaging stakeholders
- Understanding of IT risk analysis for projects and how to build effective mitigation plans
For any quality professional wanting to learn how to insulate their business's information technology systems from risk in large-scale, complex projects, look no further.
4. CGRC (Certified in Governance, Risk and Compliance)
The GRC Group and its two institutions, the SOX and GRC institutes, offers members with a minimum of three years' professional experience the opportunity to achieve its CGRC certification.
- Understanding how the various roles and tiers of a business can contribute to robust and effective GRC
- Gaining knowledge of the key GRC regulatory requirements and how to meet them
- Understanding best practice in control frameworks, how to improve internal operation with focused investment, and how to track GRC process performance
GRC requires constant improvement and innovation. Understanding how to invest in a business's GRC system is a crucial skill provided by CGRC certification.
5. CRMA (Certified in Risk Management Assurance)
As its name suggests, the Institute of Internal Auditors focuses on quality professionals involved in the auditing process, providing educational material, certification and networking opportunities to its members.
Its CRMA certification aims to give participants the tools they need to:
- Unlock the full potential of internal auditing to drive continuous improvement
- Evaluate how risk relates to core business processes - and how to mitigate it
- Understand how to effectively manage and analyse risk
CRMA is achieved by passing a 100-question multiple-choice examination.
These five certifications are all valued indicators of governance, risk and compliance professional excellence. Whether it's building core knowledge of GRC, improving control of IT systems or understanding and insulating against risk, achieving a GRC certification benefits the recipient and their business by laying the groundwork for robust, resilient GRC processes.
What you should do now
Looking to build your GRC expertise? Browse the standards and compliance section of our website for detailed breakdown of the key GRC standards.
How do you compare with your peers in the quality industry? Read our 2017 Global Quality Trends Report to gain insight from industry experts and learn how the quality industry is changing.
Finally, our Knowledge Centre provides a range of materials to support GRC professionals: access gap analysis and risk register templates, download standard toolkits and browse Qualsys's training courses.