Certified in Risk and Information Systems Control (CRISC)

The Certified in Risk and Information Systems Control (CRISC) certification is offered by ISACA. The program is designed for IT professionals, project managers, and others whose job it is to identify and manage risks through appropriate Information Systems (IS) controls, covering the entire lifecycle, from design to implementation to ongoing maintenance. It measures two primary areas: risk and IS controls. Similar to the IS control lifecycle, the risk area spans the gamut from identification and assessment of the scope and likelihood of a particular risk to monitoring for it and responding to it if/when it occurs.

The program we offer is completely based on the CRISC Review Manual 2014, which is a comprehensive reference guide designed to help individuals prepare for the CRISC exam and understand IT-related business risk management roles and responsibilities. The manual has been enhanced over the past editions and represents the most current, comprehensive, peer-reviewed IT-related business risk management resource available worldwide.

The 2014 manual is organized to assist candidates in understanding essential concepts and studying the following job practice areas:

  • Risk Identification, Assessment and Evaluation
  • Risk Response
  • Risk Monitoring
  • Information Systems Control Design and Implementation
  • Information Systems Control Monitoring and Maintenance

The CRISC Review Manual 2014 features a unique learning format for focused study and is separated into two distinct parts.

Part I provides a thorough overview of the concepts related to the IT-related risk management process and the design, implementation, monitoring and maintenance of information systems (IS) controls. Each chapter contains the definitions and objectives for the five CRISC job practice domains, with the corresponding tasks performed by the risk practitioner and the knowledge that is tested on the exam. Part I also includes sample practice questions, explanations of the answers and suggested resources for further study.

Part II describes, in detail, selected business and IT processes and how they relate to enterprise risk and information systems controls. For each of the selected processes, it:

  • Explains the process's importance to achieving business objectives
  • Introduces related key terms and concepts
  • Provides real-life examples of common risks
  • Lists selected key risk indicators
  • Describes examples of common IS controls supporting the process
  • Features the practitioner's perspective
  • Offers suggested reading materials and references

The Certified in Risk and Information Systems Control (CRISC) designation is for IT professionals who identify and manage risks through the development, implementation and maintenance of information systems controls. These professionals help enterprises accomplish business objectives such as effective and efficient operations, reliable financial reporting, and compliance with regulatory requirements. The main objective of this certification is to demonstrate to employers that the certified professional is able to identify and evaluate the risks at the implementation and development level specific to an organization, and help the company accomplish its business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.