CERTIFIED IN RISK AND INFORMATION SYSTEMS CONTROL (CRISC)

The ISACA Certified in Risk and Information Systems Control (CRISC) qualification is awarded to individuals who identify and manage risks through the development, implementation and maintenance of information systems (IS) controls. Launched in 2010, CRISC is internationally recognised and held by over 17,000 IT professionals worldwide.

The CRISC Exam Preparation course is a five-day classroom session that provides a comprehensive revision programme for the key job practice knowledge domains, and exam preparation exercises that help delegates pass the exam at the first attempt. Delivered in just five days, this course has been designed to maximise time effectiveness and reduce any unnecessary time away from the office. It has also been shown to be considerably more effective than self-study preparation, which requires more time and commitment.

The CRISC certification propels your career and builds a greater understanding of the impact of IT risk and how it relates to your organization. CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

Our unique study programme includes:

  • An initial CRISC knowledge assessment
  • Classroom presentations of key topics
  • Individual/team exercises and discussion sessions
  • Final exam preparation with example practice questions

The instructor will review the information associated with the following CRISC job practice domains:

Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy. Task Statements:

  • Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
  • Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
  • Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
  • Create and maintain a risk register to ensure that all identified risk factors are accounted for.
  • Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
  • Analyze risk scenarios to determine their impact on business objectives.
  • Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
  • Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
  • Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.

Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives. Task Statements:

  • Identify and evaluate risk response options and provide management with information to enable risk response decisions.
  • Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy.
  • Apply risk criteria to assist in the development of the risk profile for management approval.
  • Assist in the development of risk response action plans to address risk factors identified in the organizational risk profile.
  • Assist in the development of business cases supporting the investment plan to ensure risk responses are aligned with the identified business objectives.

Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s risk management strategy. Task Statements:

  • Collect and validate data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.
  • Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
  • Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
  • Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements.

Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives. Task Statements:

  • Interview process owners and review process design documentation to gain an understanding of the business process objectives.
  • Analyze and document business process objectives and design to identify required information systems controls.
  • Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
  • Facilitate the identification of resources (e.g., people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.
  • Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope.
  • Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed.
  • Test information systems controls to verify effectiveness and efficiency prior to implementation.
  • Implement information systems controls to mitigate risk.
  • Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of information systems control performance in meeting business objectives.
  • Assess and recommend tools to automate information systems control processes.
  • Provide documentation and training to ensure information systems controls are effectively performed.
  • Ensure all controls are assigned control owners to establish accountability.
  • Establish control criteria to enable control life cycle management.

EXAM DETAILS

The CRISC exam is not included in this training course and candidates must book their Computer-Based Testing (CBT) exam session directly with ISACA. Our experience shows that delegates have the highest chance of success if they sit the exam approximately two to four weeks after completing the training course.

WHO SHOULD ATTEND THIS COURSE?

This course is designed for IT professionals preparing to take the ISACA Certified in Risk and Information Systems Control (CRISC) examination via a Computer-Based Testing (CBT) session, which is available during three testing windows per year. Candidates who pass the exam and have at least three years of relevant work experience will be awarded the CRISC qualification. For more information, please see How to Become CRISC Certified on the ISACA website.

ENTRY REQUIREMENTS

While there are no mandatory requirements to attend this course, please be aware that this is an exam preparation course and all attendees are expected to have a basic understanding of the CRISC job practice knowledge domains.

DURATION

Minimum 5 Days Training
Maximum 2 Months (Every Saturday or Sunday)
