QA is proud to be an official ISACA partner and offer you the official ISACA CRISC Exam. The official Certified in Risk and Information Systems Control (CRISC) certification is a powerful manifestation of proficiency and expertise regarding various areas of risk. CRISC also demonstrates a commitment to IT security operations and enterprises, and a willingness to deliver quality within the holder's profession. CRISC has been established as one of the most desirable and preferable IT security certifications worldwide.
Since its introduction in 2010, more than 24,000 professionals have obtained ISACA®’s Certified in Risk and Information Systems Control™ (CRISC™) certification. The designation demonstrates to employers that the holder is able to identify, evaluate and manage information systems and technology risk, and help enterprises achieve their business objectives. The CRISC designation is designed for IT risk, control and compliance practitioners, business analysts, project managers and other respected professionals. The highly respected certification demonstrates to employers that the holder is able to identify and evaluate IT risk, and help their enterprise accomplish its business objectives. CRISC has received over 15 global recognitions.
Professional experience within risk management/control for a minimum of 3 years is required for CRISC certification. You should have taken the QACRISC training and be familiar with the CRISC job practice domains before taking the exam.
Delegates will receive an official ISACA CRISC exam voucher. The 4-hour exam tests delegates' knowledge of the four CRISC domains: Risk Identification, Risk Assessment, Risk Response and Mitigation, and Risk and Control Monitoring and Reporting. It is marked using a 200-800 point scale, with 450 being the passing mark.
1. Identifying IT Risk (27% of Exam)
- Proficiency in this realm validates the expertise required to identify the universe of IT risk in order to contribute to the execution of the IT risk management strategy, in support of business objectives and in alignment with the enterprise risk management (ERM) strategy.
- Domain 1 confirms one’s ability to recognize and gauge threats and vulnerabilities to the organization’s people, processes and technology.
2. Assessing IT Risk (28% of Exam)
- Exam success demonstrates the advanced ability to analyse and evaluate IT risk to determine the likelihood and impact on business objectives, in order to enable risk-based decision making.
- Domain 2 attests to advanced skill in identifying the current state of existing controls and evaluating their effectiveness for IT risk mitigation.
3. Risk Response and Mitigation (23% of Exam)
- This key job practice area verifies expertise in determining risk response options while evaluating their efficiency and effectiveness to manage risk in alignment with business objectives.
- Domain 3 tests your ability to select and implement informed risk decisions that are well-aligned and enunciated throughout the organization.
4. Risk and Control Monitoring and Reporting (22% of Exam)
- The final job practice area assesses your capacity to continuously monitor and report on IT risk and controls to relevant stakeholders, so as to ensure the effectiveness of the IT risk management strategy and its alignment with business objectives.
- Domain 4 assesses your ability to define and establish key risk indicators (KRIs) and thresholds based on available data, to enable monitoring of changes in risk.
ISACA exams are now administered all year round in what is known as Continuous Testing at PSI Centres. Exam candidates may register for the exam whenever they are ready to sit for the examination. There are no deadlines as to when an individual needs to register by.
When registering for Continuous Testing, exam candidates are provided with a 365-day exam eligibility period to sit for the examination. Individuals may schedule their examination for a location, date, and time that is most convenient to them (based on location and date availability). Individuals can schedule, and re-schedule, as many times as needed within their personal 365-day exam eligibility period. The only restriction is that you CANNOT reschedule within 48 hours of your original seat time. Individuals who do not reschedule 48 hours before their scheduled appointment, and cannot sit for the exam on the scheduled appointment day, will forfeit their exam registration fee. Because each registrant gets their own 365-day exam eligibility period, there is an increased chance you will find a seat time in a location and date that is most convenient to you.
Due to having 365 days to take the exam, exam candidates will be required to schedule and sit for their examination within their 365-day window. Individuals that do not sit for their exam before the end of their 365-day window will forfeit their exam registration fees.
Continuing Professional Education (CPE)
There is a Continuing Professional Education (CPE) policy in respect of qualified CRISC professionals. The goal of this policy is to ensure that all CRISCs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control and security. CRISCs who successfully comply with the continuing professional education policy will be better trained to assess information systems and technology and provide leadership and value to their organizations. The responsibility for setting the continuing professional education requirements rests with the CRISC Certification Board, which oversees the continuing professional education process and requirements to ensure their applicability.