CRISC | Certified in Risc and Information System Control
The first step to becoming CRISC certified is to take and pass the CRISC certification exam. The exam consists of 150 questions covering 4 job practice domains and tests your understanding of the knowledge and practical abilities an expert professional brings to the real-life job practice as it relates to information systems risk and control. Your ability to pass the exam will amount to substantial proof of your own expertise in these practical work-related domains:
1. Identifying IT Risc: proficiency in this realm validates the expertise required to identify the universe of IT risk in order to contribute to the execution of the IT risk management strategy, in support of business objectives and in alignment with the enterprise risk management (ERM) strategy.
Domain 1 confirms one’s ability to recognize and gauge threats and vulnerabilities to the organization’s people, processes and technology.
2. Assessing IT Risc: exam success demonstrates the advanced ability to analyze and evaluate IT risk to determine the likelihood and impact on business objectives, in order to enable risk-based decision making.
Domain 2 attests to advanced skill in identifying the current state of existing controls and evaluating their effectiveness for IT risk mitigation.
3. RISK RESPONSE AND MITIGATION—this key job practice area verifies expertise in determining risk response options while evaluating their efficiency and effectiveness to manage risk in alignment with business objectives.
Domain 3 tests your ability to select and implement informed risk decisions that are well-aligned and enunciated throughout the organization.
4. RISK AND CONTROL MONITORING AND REPORTING—the final job practice area assesses your capacity to continuously monitor and report on IT risk and controls to relevant stakeholders, so as to ensure the effectiveness of the IT risk management strategy and its alignment with business objective.
Domain 4 assesses your ability to define and establish key risk indicators (KRIs) and thresholds based on available data, to enable monitoring of changes in risk.
- Upcoming scheduled dates: