Skip survey header

GRC Professional Job Analysis / Competency Model Survey

Introduction / Instructions

Overview

On the following pages, a list of activities (skills) is provided. Please rate these items in relation to their significance for a GRC Professional. A GRC Professional is defined as:


"An individual that spends substantial time helping an organization achieve principled performance by leading, planning, performing, enabling, integrating or auditing governance, risk management, compliance, internal control or ethics processes"

Roles

For this analysis, we are going to focus on three particular roles with regard to GRC:

  • GRC Professional. This is the baseline role that includes skills that all GRC Professionals should posses regardless of their background, level of experience or specialty.

  • GRC Executive. This role includes executive-level skills related to leading, planning and evaluating the performance of a GRC capability. These skills are relevant for a senior executive (chief audit executive, chief risk officer, chief compliance officer, etc.).

  • GRC Auditor. This role includes skills related to evaluating or auditing the performance (effectiveness, efficiency and responsiveness) of a GRC capability.

Rating

Use the scale to rate how significant each item is for each role. If there are any important items that you think have been omitted, please add them in the spaces provided at the end of each list.


SIGNIFICANCE of a skill is a product of frequency of use and impact that the item has on job performance. Frequency of use means how often the skill is required on the job. Impact refers to the impact that the skill has on job performance.

For example, risk assessment may only be used annually or quarterly, but its impact is significant. Thus, the skill would be judged as "high" significance to the job.