CRISC Syllabus: The Four Domains

CRISC Course Outline and its four main domains

CRISC certification is ideal for professionals who want to build a career in IT risk management. The CRISC exam verifies your ability, knowledge and proven skills. However, before you take the exam, you'll have to complete the CRISC syllabus. The CRISC course outline is divided into four major domains:

  1. IT Risk Identification

    In this domain, you learn how identifying IT risks contributes to executing a risk management strategy in line with business objectives and the overall enterprise risk management (ERM) strategy. You will learn to collect and review information and to determine the potential risks the organization can be exposed to. This domain also teaches you to identify and assess threats through risk analysis and threat assessments within an organization.

    Other integral topics you’ll cover under this section include:

    • Identifying stakeholders
    • User Accountability
    • Creating and Maintaining an IT risk register
    • Identifying risk appetite and tolerance
    • Aligning IT risk with business objectives

    This CRISC syllabus domain covers roughly 27% of the CRISC Course outline and will also provide you with the knowledge to create training and collaborative awareness programs.

  2. IT Risk Assessment

    The IT Risk Assessment domain covers roughly 28% of the CRISC syllabus. Here you'll learn how to analyse and evaluate IT risk. Doing so will enable you to determine the likelihood and impact of risks on business objectives and make effective risk-based decisions for the benefit of the organisation.

    Analysis and evaluation of risk scenarios is a primary feature of this domain, since it enables you to determine the probability of a specific risk and the extent of the damage it would cause. You are also assessed on your ability to identify the current state of existing information systems controls and whether they are effective in mitigating IT risk.

    You will also learn how to review the results of risk and control analysis and assess any shortcomings in the existing environment. You will learn to assign correct risk ownership for accountability and to communicate these results to senior management and stakeholders. This domain also shows you how to update the risk register regularly.

  3. Risk Response and Mitigation

    This third domain, which covers about 23% of the CRISC syllabus, teaches you to determine risk response options and evaluate their efficiency and effectiveness in managing risk. You will learn to consult with risk owners to introduce or formulate measures that align with business objectives. Consulting with risk owners helps in developing effective risk action plans through informed decisions. This domain also covers how to validate a risk action plan, as well as its design and implementation, which makes it easier to adjust mitigating measures.

    Since accountability is key here, clear lines of communication must be established between all stakeholders involved in risk ownership. You'll also learn how to create effective and efficient control measures.

  4. Risk and Control Monitoring and Reporting

    You’ll learn how to define and establish key risk indicators in order to monitor risk changes. These changes are crucial since they tend to change an organization’s IT risk profile. Reporting on these findings is essential in ensuring informed decision making by relevant stakeholders and also realising business objectives.

FAQs on CRISC Syllabus


Materials included in CRISC training for teaching these four domains include:

    • Video
    • Interactive Content
    • Downloadable workbooks and job aids
    • Case study activities
    • Mock examinations for practice

Syllabus of CRISC Training Course

  • The Certified in Risk and Information Systems Control exam
  • The concepts of enterprise risk
  • Plan, execute, scrutinize and retain information systems controls
  • Risk: identification, evaluation, assessment, response, and monitoring
  • IS control design and execution
  • IS control maintenance and monitoring



Who should take up CRISC training?

Job roles that can benefit from CRISC Certification training include, but are not limited to:

  • IT professionals
  • Risk professionals
  • Control professionals
  • Project managers
  • Business analysts
  • Compliance professionals

Invensis Learning’s practice tests for CRISC certification are modeled on the actual examination and draw from the syllabus. They are conceptualized by our team of subject matter experts. Practice tests give you a feel of what the CRISC certification examination will be like and the extent of knowledge that is required.

  • Type: Multiple choice examination questions
  • No. of Questions: 150
  • Duration: 240 minutes
  • Open/Closed book: Closed book
  • Result: 450 marks (on a scale of 200-800) required to pass

There is no prerequisite to take the exam; however, in order to apply for certification you must meet the necessary experience requirements as determined by ISACA. A minimum of 3 years of cumulative work experience performing the tasks of a CRISC professional across at least three CRISC domains is required for certification.

The course structure or outline of the instructor-led CRISC exam preparation training program is as follows:

  • Risk Management and Information Systems Control
  • Risk Response
  • Risk Monitoring
  • Information Systems Control Design and Implementation
  • Information Systems Control Maintenance and Monitoring

© 2021 Invensis Learning Pvt Ltd.