GRC Professional Training (GRCP)


GRC Professional Training (GRCP)

Training Partners


Next Session

29 Jan-
30 Jan-
31 Jan


3 Days




+65 6974 8949 | +65 6920 5462


Ideal For
  • Internal auditors
  • Compliance professionals
  • Governance professionals
  • Risk management professionals
  • GRC professionals
  • Legal professionals
  • IT professionals dealing with GRC
  • Managers responsible for GRC activities
  • Executives and board members

Participants are required to attain a minimum of 75% training attendance and pass the associated assessment in order to be eligible for course fee funding. Click here for more information.

  INTAKE 429 - 31 Jan 2024 [Open for Registration]
Mode of Delivery: Online

*Online registration will close 5 calendar days before the course start date or once the maximum class size is met, whichever comes first.

The GRC Professional Training Course is a first-of-its-kind course in Singapore.

Under license from the Open Compliance & Ethics Group (OCEG), the course helps individuals develop a core understanding and skills to integrate governance, risk management and compliance in one capability.

The three-day course comprises:

  • a hands-on workshop with practical cases studies
  • real life example exercises while incorporating world-wide best practices
  • a project on the design of an integrated GRC capability across your organisation

Course attendees will also be provided with the OCEG GRC Capability Model, relevant templates, tools as well as GRC software for easy tracking and reporting to set up your own GRC capability.

This course also prepares you to successfully pass the GRC Professional (GRCP) certification exam (exam voucher to be purchased separately) and become individually certified as a GRCP. The GRCP certification shows the individual has the core understanding and skills to integrate corporate governance, risk management, internal control and compliance activities.

Watch our course trailer video here:

Meet our team of trainers:

Kevin Shepherdson

Kevin Shepherdson
Fellow of Information Privacy,

Kevin is the founder and CEO of Straits Interactive, which operates the ASEAN region's largest network of privacy professionals: the Data Protection Excellence (DPEX) Network. Recognised as an expert in data privacy and governance, Kevin authored the book "99 Privacy Breaches to Beware Of" and is also the official APAC trainer for both IAPP (International Association of Privacy Professionals) and the Open Compliance and Ethics Group (OCEG).

Backed by several years in management roles at Creative Technology, Sun, and Oracle, Kevin brings his vast knowledge and experience to Digital Transformation and Generative AI. He has played a pivotal role in the development of the company's major AI initiatives, such as the region's first AI DPO Assistant. He utilises his degree in arts and social science (with a major in English language) and a master's in information science in the area of AI governance, Generative AI design and prompt engineering.

Celine Chew

Celine Chew
Fellow of Information Privacy,

As a Certified Information Privacy Manager (CIPM) and Head of Learning and Development of Straits Interactive, Celine provides insights into the behavioural change and learning required for teams to embrace change initiatives. She offers comprehensive training for Data Protection Officers (DPOs) and companies, propelling digital transformation in data protection and governance. Celine also has extensive training experience internationally and specialises in the social, emotional and cognitive aspects of learning. She is also an executive coach to senior executives in multinational and regional companies.

Combining both her educator, musical and change management background, Celine crafted and trained a tailored curricula for educators on utilising ChatGPT for teaching and learning, training educators' adeptness with these tools. Through her hands-on approach and strategic insights, she has significantly advanced the integration of cutting-edge AI technologies in these vital areas as well as playing a crucial role for the launch of Straits first AI Data Protection Officer (DPO) Assistant toolkit.

William Hioe

William Hioe
Fellow of Information Privacy,

William Hioe, who is a Certified Information Privacy Manager (CIPM), brings with him more than three decades of ICT experience in the government and public sector, first as an assistant director in Systems & Computer Organisation, MINDEF, and then as a senior director of strategic planning at the National Computer Board (NCB) / Infocomm Development Authority of Singapore (IDA). Currently, he is the managing director of Cynergie Consulting Pte Ltd, a company founded by him to offer consultancy and training services in strategic ICT planning, strategy development, policy formulation and enterprise architecting.

Participants should have:
• Basic GRC knowledge and experience; and
• Tertiary level qualifications; and/or
• At least 2 years of working experience


Course participants will achieve the following objectives:

  • Develop a GRC strategic plan
  • Align governance, risk and compliance in context of the organisation
  • Understand, define, and enhance organisational culture as it relates to performance, risk, and compliance
  • Implement effective, efficient and agile GRC processes using the OCEG GRC Capability Model
  • Motivate and inspire desired conduct through the concept of Principled Performance
  • Understand technology’s role in GRC
  • Develop ongoing monitoring and continuous improvement of GRC activities through metrics and measurement
  • How to explain the value of Principled Performance, and an integrated approach to GRC, to your management and board

1. Introduction 

  • Introduction to OCEG
  • The use of frameworks
  • Available GRC individual certifications
  • Business context and the need for a GRC approach and Principled Performance
  • The "Big" picture of business illustration
  • Defining Principled Performance
  • Advantages of Principled Performance

2. Governance, Risk Management and Compliance Basics Module

  • Defining common GRC terms
  • GRC Concepts
  • GRC roles and responsibilities (e.g. audit, legal, human resources, IT, compliance, risk management, ethics, the boards etc.)
  • Gaining commitment from senior management and the board
  • Overview of the OCEG GRC Capability Model
  • Implementing the OCEG GRC Capability Model at an organisation

3. Learn Component

  • Understanding the external context of your organisation
  • Understanding the internal context of your organisation
  • Understanding and assessing culture
  • Understanding relevant stakeholders and developing a stakeholder relations plan

4. Align Component

  • Setting direction and management decision-making criteria in accordance with mission, vision and values
  • Defining high-level and lower-level objectives
  • Identifying opportunities, threats and requirements for your organisation
  • Assessing levels of reward, risk and compliance - inherent and residual basis
  • Designing relevant options and controls in order to respond to levels of reward, risk and compliance

5. Perform Component

  • Determining the right mix of proactive, detective, and responsive internal controls
  • Developing relevant policies and procedures
  • Providing communication to the right people, in the right way, at the right time
  • Delivering education to relevant individuals
  • Designing and implementing appropriate incentives
  • Designing notification methods to detect desired and undesirable events
  • Designing inquiry methods to detect desired and undesirable events
  • Responding to desired and undesirable events

6. Review Component

  • Monitoring the GRC capability
  • Providing assurance on the GRC capability
  • Making improvements to the GRC capability

7. GRC Strategy

  • Elements of a GRC strategic plan
  • Completing risk and compliance assessments as a starting point - Fraud risk assessment, Organisational risk assessment, Compliance gap analysis
  • Moving from the current state to desired state
  • Degrees of integration and maturity models
  • Building and explaining the business case for integrated GRC

8. GRC Professional Exam Preparation Module

  • GRCP exam areas
  • Exam resources
  • Sample GRCP exam questions and answers


  • Lecture style
  • Video clips
  • Discussions with consultants
  • Role play / presentations


As part of the requirement for SkillsFuture Singapore, there will be an assessment conducted at the end of the course. The mode of assessment, which is up to the trainer’s discretion, may be an online quiz, a presentation or based on classroom exercises.

Participants are required to attain a minimum of 75% attendance and pass the associated assessment in order to receive a digital Certificate of Participation issued by Singapore Management University.

For more information on assessment and re-assessment policy, click here.


The GRC Professional course is conducted by certified GRCP trainers. Straits Interactive is an OCEG Training Partner, and our trainers have been actively engaged in doing actual PDPA audits of Singaporean companies for Straits Interactive, and are certified by IAPP to conduct the CIPM course. Together, the team has also trained thousands of participants in the Personal Data Protection Act.

  • Electronic copy of course materials
  • First year OCEG membership free for new OCEG members

1. Course fee includes electronic copy of course materials.
2. Participants who are new to OCEG will be given free membership for the first year.
3. Examination voucher for the OCEG certification examination is NOT included and has to be purchased separately.
Scroll down for more information on the Purchase of Examination voucher.

Singapore Citizen < 40 years old 
Permanent Resident 
(After SSG Funding 70%)
(After SSG Funding 70% + ETSS Funding 20%)
(After SSG Funding 70%)
Singapore Citizen ≥ 40 years old$446.40
(After SSG Funding 70% + MCES Funding 20%)
(After SSG Funding 70% + MCES Funding 20%)
(After SSG Funding 70% + MCES Funding 20%)
International Participant$3,888.00
(No Funding)
(No Funding)
(No Funding)
All prices include 8% GST WEF 01 Jan 2023


The OCEG Certification Examination is not funded by SSG and the course fee paid does not include the examination voucher. The voucher has to be purchased separately from SI and not claimable using SkillsFuture Credits.

You can purchase a one-time exam for *S$108 (including GST) from Straits Interactive.
*The special offer is available only to class participants and is non-transferable

**This limited time offer is available for 7 days from and inclusive of the 3rd day of the class and payment must be made within 3 working days. The exam voucher is valid for 12 months from the date it is issued to you.

NOTE: This special price does not apply for exam retake.

More details will be shared on the 3rd day of the class.

Post Secondary Education Account (PSEA)

PSEA can be utilised for subsidised programmes eligible for SkillsFuture Credit support. Click here to find out more.


# SkillsFuture Credit

Singapore Citizens aged 25 and above may use their SkillsFuture Credits to pay for the course fees. The credits may be used on top of existing course fee funding.

This is only applicable to self-sponsored participants. Applications via must be made within 60 days before course commencement.

SMU Academy has to be informed on the Claim ID no. and claim amount in order for the correct payable course fee amount to be reflected on the invoice. Please click here for more details on SkillsFuture Credit.

* Note: Participants claiming SkillsFuture credits should locate the course in Training Exchange using the Course Code/Name

# Workfare Skills Support Scheme

Workfare Skills Support (WSS) Scheme in replacement of Workfare Training Support (WTS) Scheme:

With effect from 1 July 2020, applicants who wish to apply for the WTS Scheme may refer to the WSS Scheme instead. Please click here for more details.


# Enhanced Training Support Scheme

  • Organisation must be registered or incorporated in Singapore
  • At least 30% local shareholding by Singapore Citizens or Singapore Permanent Residents
  • Employment size of not more than 200 (at group level) or with annual sales turnover (at group level) of not more than SGD100 million
  • Trainees must be hired in accordance with the Employment Act and fully sponsored by their employers for the course
  • Trainees must be Singapore Citizens or Singapore Permanent Residents

# Absentee Payroll

Companies who sponsor their employees for the course may apply for Absentee Payroll here.
For more information, please refer to:


For more information on course details, write to us at or call us at +65 6974 8949 / +65 6920 5462.


Click here to send an enquiry to SMU Academy on matters pertaining to registration and billing.


I can resonate with this course because I can use what I have learnt in this course to operationalise it easily

Course participant - Dec 2021
Senior Manager in the Medical Equipment Industry

The course content brings various concepts, principles and processes pertaining to GRC together in an integrated model. The trainer did a great job in making a heavy and at times, dry topics interesting and clear.

Course participant - January 2016

A fresh and comprehensive view of GRC through the OCEG model. I like the way it gels the 4 key components - Learn, Align, Perform and Review.

Bert S.

It was a structured workshop. Concepts were explained well. After each module, recaps were done making it clear for participants. The videos used were entertaining and meaningful. The SMRT case was excellent. It was close to home and hence relatable making it easier for participants to internalise concepts and apply the principles. Very enjoyable and educational!

Course participant - July 2016

I wish I could have done this course much earlier. Performance management is more holistic than just risk management, audit.

Timothy Soh
Head (Risk Management)

The content has a good framework with a comprehensive checklist, followed with practical application for business use. It is relevant for small SMEs as well as listed companies. The instructor made the dry content interesting and relevant with real case studies, examples and videos.

Robin Pho

The GRC course was more informative than I thought and will definitely benefit myself and my company. The trainer made the course interesting, interactive and lively.

Course participant - January 2017
Head of Internal Audit - Listed Company

I am an active user of my company's GRCM system. Now, I really appreciate the full GRC model/principles.

Rosemary Goh

It was an excellent overall experience. The trainer and the training team with the GRC tools have made the GRC framework alive, relevant and easy to learn and apply at the workplace.

Cheong Sui Hunn

It would be great if we could bring our case studies and apply the techniques immediately. Overall, a good course! Good content from OCEG and great delivery from Straits! Good job!


Course is a good mix of theory and practical - very applicable for working adults

Eugene Soo
Director IGC

Case studies were very helpful to understand the workshop contents. The workshop was applicable to my area of PDPA compliance for my organisation. Kevin and William shared case studies and their experiences which were very useful.

Corrine Teh
Senior Manager

The trainers interacted well with all of the attendees. I had a great time in class and most importantly picked up very useful action items on how to implement GRC in my work. The systematic application of Principled Performance taught me how to get my regular work done effectively.

Course participant - August 2019

Using videos to illustrate the GRCP concept makes it very easy to understand and relate. The workshop taught me that I can make use of the GRCP framework to review and monitor bid processes and ensure quality bids are submitted. The GRCP can be used to ensure business risks are identified and addressed before submission. The instructors are very experienced and knowledgeable. They simplify the content to make it relevant to the real life work environment.

Course participant - August 2019

I expected the GRCP course to be very dry but the instructors made the session very interesting with relevant videos and content that is easy to absorb. GRC can be fun too!

Course participant - August 2019

Very good materials and case studies used to enhance understanding of complex terms. The content is very appropriate for any corporate personnel.

Course participant - August 2019

Content was useful and relevant, especially the GRC capability model. Both Kevin and William have provided real life case studies, videos and class participation to help us understand abstract concepts. The GRC capability model is something which we can apply in any organisation where we work or volunteer in. Both Kevin and William have a wealth of knowledge and personal experience to share. Their enthusiasm is also infectious. There was plenty of class participation. We had fun and we learnt a lot. Straits have a very good team in place.

Course participant - August 2019

It is well-paced and was able to find relevance from real life experiences. The workshop was able to relate well to my work. The trainers were articulate and clearly experienced.

Joey Leong
Business Integrity & COO

It was a comprehensive course! Appreciate the thoughts and effort put in to concise a MBA equivalent course into a 3 days course. One of the things I learnt was the framework and approach towards operationalizing governance in day to day operations.

Course participant - October 2020

Effectiveness of training was not impacted by lessons being conducted online. One thing I learnt from the class is the GRC Capability Model and application.

Chia Yew Kiat
Project Manager, JP Morgan Chase

Despite having the course done online, it was still very interactive and many sharing. It is just as good as doing the course via face to face. It was good to see how the GRC capability module all comes together at the end of the course with the hands on exercise.

Ann Tan Huai Tin
Director, Compliance and Data Protection Officer

Information is comprehensive, instructors mostly knowledgeable and providing practical and real-life examples. Very relevant to what I do on a day-to-day basis. Thank you very much for this wonderful workshop. It is an extremely helpful workshop and I will not hesitate to recommend this to my industry peers and colleagues.

Course participant - October 2020

One of the best courses I have attended. Extremely good and relatable sharing by fellow professionals.

Nigel Neo

The course was structured and engaging. Relates to my industry and aids in my conversations with my stakeholders. Experienced instructors who supplemented with plenty of industry experience.

Course participant - February 2020

A good mix of activities to enhance learning retention and the content relevant to all work areas.

Course participant - February 2020

Understanding the broader concepts of GRC and its application in this course has been invaluable and enriching . I encourage all business leaders to attend this course and learn to adopt the GRC framework to successfully transform and lead their business into the post COVID-19 era

Charles Ng
Director, Culina Pte Ltd and former Group CFO of Como Group

Integrating the governance, risk management and compliance in a framework that applies organization wide. Course contents are relevant for organizations of different sizes, just need to adjust accordingly to resources available. Relevant examples made the course contents easier to understand.

Alex Lum
ISO Compliance Executive

My most memorable takeaway is the concept of principled performance...which is profound as it is simple, in combining the achievement of business objectives, addressing uncertainty, and maintaining your integrity while doing so. Relating concepts to real-world events really helps make them easier to understand. Helpful practical exercise. I have been a long time attendee to Straits' training programs, as well as a contributor to certain activities. Straits has been instrumental in helping me achieve a lot of my professional certifications.

Ronald Allan C. Pablo
Trusted Advisor in Philippines

GRC especially risk management is a new language to cyber security management

Course participant - July 2021
Senior Executive in a Cyber Security Industry

This course gives a holistic picture of management and the sections “Learn and Align” are sorely lacking in risk management of some companies. We need to link all the elements of “Learn-Align-Perform-Review” to be complete. Any departments in a company cannot work in silo

Course participant - July 2021
Senior Executive of a Petrochem Industry

One of the key takeaways from this course is the importance of implementing GRC tools in various circumstances. The reason for my choice of course provider is that Straits Interactive have very professional trainers and a fantastic reputation. The course training has been very enlightening and refreshing - new knowledge & skills gained. The exercise using the software (GRCinBox) has been relevant to my work area. The trainers possess deep knowledge to share and impart to participants. Also, the tools and the advantages of using the GRC tool in the exercises

Louis Tan
Senior Executive in a Regional Governance Role

One of the key takeaways from this course is that now I have a better understanding of GRC. The prime reason for choosing this course provider is that they are known to have good content and trainers. During the exercises, the trainer is responsive to answer all queries

Desmond Tan
Senior Manager in a Procurement Role

One of the key takeaways from this course is how to apply the GRC capability models for any types of new projects, initiatives as well as evaluating existing projects and initiatives. This course has been very comprehensive and insightful with effective usage of real life examples to aid our learning and understanding. The exercises are very well paced, comprehensive and educational. These exercises are very useful in my job in Data Privacy for my company

Desmond Ngo
Associate in Data Protection

The GRCP course and framework is very useful to me in understanding how an organisation should function. After over 30 years working in various companies and functions but without any formal training in GRC, I was finally able to connect the dots and see clearly the 'entire elephant'! For that, I am grateful.

Anthony Boey
Facilities & HSE Consultant

I can resonate with this course because I can use what I have learnt in this course to operationalise it easily

Course participant - Dec 2021
Senior Manager in the Medical Equipment Industry

The course content brings various concepts, principles and processes pertaining to GRC together in an integrated model. The trainer did a great job in making a heavy and at times, dry topics interesting and clear.

Course participant - January 2016