The CRISC certification exam is made up of 150 multiple-choice questions and the time allotted for its completion is 240 minutes. The candidates can take it in Chinese (Simplified and Traditional), English, German, French, Italian, Korean, Japanese, Spanish, and Turkish. The passing score is 450 points (out of 800).
To register for the test, the students must pay the required fee: $575 for ISACA members and $760 for non-members. The exam is administered through PSI testing centers across the world. You can take it at any time because registration is always ongoing. After making payment, you can schedule your test as early as 48 hours. However, make sure that you understand its content before you attempt the exam to avoid retaking it. If you do not pass the test, you will have to pay another fee.
The ISACA CRISC exam is aimed at those professionals who want to build a career in the field of IT and, in particular, in the risk management domain. The test validates that the candidates possess the basic knowledge and skills in the area of risk and information systems control. The topics covered in the exam are highlighted below:
Information Technology Risk Identification: 27%
Identify the domain of IT risk and contribute to the IT risk management strategy execution to support the business objectives while aligning with the enterprise risk management strategy;
Gather and analyze information, such as existing documentation to identify possible IT risk or its impact on the business operations and objectives of an organization;
Identify possible vulnerabilities and threats to people, process, and technology of an organization;
Develop in-depth IT risk scenarios according to available data to establish potential effects on the enterprise objectives and operations;
Create an IT risk register for documenting an identified IT risk scenario and incorporate the same in the risk profile of the enterprise;
Partner in developing a risk awareness program and carry out the required training to educate the stakeholders on the risk potential and promote the organizational risk-aware culture;
Recognize risk appetite and tolerance as defined by the key stakeholders and senior leadership to align with the business objectives.
Information Technology Risk Assessment: 28%
Analyze the outcomes of risk and control reviews to evaluate possible gaps between present and preferred states of an IT risk environment;
Review risk situations based on predetermined organizational criteria to determine the possibility and effect of identified risks;
Establish the present state of on-going controls and review their efficiency for the mitigation of IT risk;
Communicate the outcomes of risk assessment to the relevant stakeholders and senior management to allow for risk-based decision making;
Ensure that the ownership of risk is assigned at the relevant level to establish accountability;
Revise a risk register in alignment with the result from a risk assessment project.
Risk Response Mitigation: 23%
Establish the options for risk response and measure their risk management effectiveness and efficiency in alignment with the business objectives;
Discuss with the risk owners to choose and align proposed risk responses with the business objectives to allow for informed risk decision making;
Consult with or assist the risk owners in developing risk action plans so that the plans incorporate key elements;
Consult with the stakeholders on design, implementation, or adjustment in mitigation controls to ascertain that risks are managed to a certain acceptable level;
Revise a risk register to include changes in risk and risk response management;
Help the control owners to develop control mechanisms and documentation for effective and efficient control execution;
Certify the execution of risk responses based on risk action plans.
Risk and Control Monitoring & Reporting: 22%
Constantly supervise and report on IT risks and controls to the appropriate stakeholders to sustain continuous effectiveness and efficiency of the strategy on IT risk management and ensure that it is in alignment with the business objectives;
Identify and ascertain key risk indicators and thresholds according to present data to allow for monitoring of risk changes;
Monitor and evaluate KRIs to establish trends or changes in the IT risk profile to help the relevant stakeholders;
Assist in the identification of KPIs and metrics to allow for the evaluation of control performance;
Monitor and evaluate KPIs to identify trends or changes as they relate to control environments and establish the effectiveness and efficiency of the controls;
Account for the performance, trends, or changes to the overall control environment and risk profile to the appropriate stakeholders for decision making.