The Future Is Here

Dell Inc.’s FCPA compliance program was in the news this week for the right reasons. The program was certified by the Open Compliance & Ethics Group. The OCEG helps companies think about compliance systems that can be embedded into the corporate fabric. It’s a non-profit group supported by some big names: Dell, Microsoft, Deloitte, SAP, Visa, Ernst & Young, Thomson Reuters, Baker Hughes, and many more.

Individuals can become basic members for free (we did) or can upgrade to paid memberships with access to more information. Companies can buy memberships that cover their people as well.

OCEG’s basic product is its Red Book 2.0, a 200-page PDF file that members can download from the site. OCEG said it worked with “a committee of hundreds of esteemed experts, including many in-house GRC professionals, external advisors and auditors, and academics” to develop Red Book 2.0. (GRC means governance, risk and compliance.)

At the center of the Red Book approach is the GRC Capability Model™. It’s made up of couplets like Context & Culture, Monitor & Measure, Organize & Oversee, Respond & Resolve, and so on. In the pages that follow, each couplet is presented under the headings: principles, common causes of failure, guidelines and practices, key deliverables, and enabling technology components.

The OCEG speaks the language of modern global corporations — so unless you’re fluent in the lingua franca, the Red Book may take some getting used to. But there’s valuable information inside and plenty of comfort for those who rely on systems tools and processes to think about problems and solutions. (Corporations today are almost unimaginably large and complex — a hundred thousand employees, tens of thousands of suppliers, operations in 50 countries — who can think about them without getting a little rattled? The Red Book is one way to deal with it.) While there’s always a risk of mistaking the model for the real thing, there’s also value in using different approaches to involve new people in compliance.

The OCEG said it created its certification program “to enable a company and its stakeholders to gain transparency into the steps the company has taken to establish a strong and effective approach to governance, risk management and compliance.” Transparency we’re not so sure about — mainly because corporate-systems-speak isn’t our native language — but steps to compliance are certainly there.

As for Dell, the OCEG says the company received “not a point in time certification of FCPA compliance, [but] an acknowledgement that Dell has taken significant, proactive steps to design a program that will enhance its ability to appropriately prevent, detect and react to non-compliance.”


  1. Thanks for the support of our certification program. The Dell FCPA design certification is the first and we expect many more companies to follow not only in design certification, but also in certifying operation once new programs are fully implemented. The Institute of Internal Auditors (IIA) has recently issued a Knowledge Briefing recommending that board audit committees ask management to obtain OCEG certification for anti-corruption programs. Get the PDF here:

    OCEG certification is available for every aspect of governance, risk management and compliance no matter what the "silo" – FCPA and all other regulatory requirements.
