CRISC is designed for IT professionals, Risk professionals, Control professionals, Business analysts, Project managers, Compliance professionals and anybody involved in managing IT risks.
The CRISC - Certified in Risk and Information Systems Control certification is the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institution. Achieving CRISC certification validates that you have the knowledge and expertise to help companies understand business risk. It also confirms that you have the technical knowledge to implement appropriate information system (IS) controls.
Certified in Risk and Information Systems Control (CRISC) is a certification awarded by ISACA. CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.
CRISC identifies IT professionals who are responsible for managing IT and enterprise risk and ensuring that risk management goals are met. A CRISC is often heavily involved with overseeing the development, implementation and maintenance of information system (IS) controls designed to secure systems and manage risk.
CRISC has international recognition as one of the best certifications in the market. It is one of the unique certificates which are accredited by the American National Standards Institute (ANSI), and among the highest-paying certifications in the market. For more details, please visit www.isaca.org.
CRISCs bring additional professionalism to any organization by demonstrating a quantifiable standard of knowledge, pursuing continuing education, and adhering to a standard of ethical conduct established by ISACA.
CRISC employees build greater understanding about the impact of IT risk and how it relates to the overall organization. They are capable to assure development of more effective plans to mitigate risks, and they are able to establish a common perspective and language about IT risk that can set the standard for the enterprise.
Domain 1 - Risk Management
- Collect and review environmental risk data
- Identify potential vulnerabilities to people, processes and assets
- Develop IT scenarios based on information and potential impact to the organization
- Identify key stakeholders for risk scenarios
- Establish risk register
- Gain senior leadership and stakeholder approval of the risk plan
- Collaborate to create a risk awareness program and conduct training
- Analyses risk scenarios to determine likelihood and impact
- Identify current state of risk controls and their effectiveness
- Determine gaps between the current state of risk controls and the desired state
- Ensure risk ownership is assigned at the appropriate level
- Communicate risk assessment data to senior management and appropriate stakeholders
- Update the risk register with risk assessment data
- Align risk responses with business objectives
- Develop consult with and assist risk owners with development risk action plans
- Ensure risk mitigation controls are managed to acceptable levels
- Ensure control ownership is appropriately assigned to establish accountability
- Develop and document control procedures for effective control
- Update the risk register
- Validate that risk responses are executed according to risk action plans
- Risk and control monitoring and reporting
- Define key risk indicators (KRIs) and identify key performance indicators (KPIs) to enable performance measurement key risk indicators (KRIs) and key performance indicators (KPIs)
- Determine the effectiveness of control assessments
- Identify and report trends/changes to KRIs/KPIs that affect control performance or the risk profile
- Instructor Profile: