CRISC Certification Syllabus

CRISC certification is ideal for professionals who want to build a career in IT risk management. The CRISC exam verifies your ability, knowledge, and proven skills. Before you sit the exam, however, you will have to cover the CRISC Certification syllabus, which we discuss below.

CRISC Certification Syllabus: Course Outline and its four main domains

The CRISC course outline is divided into four domains, chosen to test your expertise in the four work-related areas of the role. The details of each domain, with its percentage weightage in the exam, are listed below. These are in line with the ISACA syllabus.

Domain 1: Governance (weightage 26%)

A. Organizational Governance
  • Organizational Strategy, Goals, and Objectives
  • Organizational Structure, Roles, and Responsibilities
  • Organizational Culture
  • Policies and Standards
  • Business Processes
  • Organizational Assets

B. Risk Governance
  • Enterprise Risk Management and Risk Management Framework
  • Three Lines of Defense
  • Risk Profile
  • Risk Appetite and Risk Tolerance
  • Legal, Regulatory, and Contractual Requirements
  • Professional Ethics of Risk Management

Domain 2: IT Risk Assessment (weightage 20%)

A. IT Risk Identification
  • Risk Events (e.g., contributing conditions, loss result)
  • Threat Modelling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
  • Risk Scenario Development

B. IT Risk Analysis and Evaluation
  • Risk Assessment Concepts, Standards, and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent and Residual Risk

Domain 3: Risk Response and Reporting (weightage 32%)

A. Risk Response
  • Risk Treatment / Risk Response Options
  • Risk and Control Ownership
  • Third-Party Risk Management
  • Issue, Finding, and Exception Management
  • Management of Emerging Risk

B. Control Design and Implementation
  • Control Types, Standards, and Frameworks
  • Control Design, Selection, and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation

C. Risk Monitoring and Reporting
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis, and Validation
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
  • Key Performance Indicators
  • Key Risk Indicators (KRIs)
  • Key Control Indicators (KCIs)

Domain 4: Information Technology and Security (weightage 22%)

A. Information Technology Principles
  • Enterprise Architecture
  • IT Operations Management (e.g., change management, IT assets, problems, incidents)
  • Project Management
  • Disaster Recovery Management (DRM)
  • Data Lifecycle Management
  • System Development Life Cycle (SDLC)
  • Emerging Technologies

B. Information Security Principles
  • Information Security Concepts, Frameworks, and Standards
  • Information Security Awareness Training
  • Business Continuity Management
  • Data Privacy and Data Protection Principles

Now that you have seen the CRISC Certification syllabus, let us go through each domain in detail.

1. Governance

This domain accounts for 26% of the CRISC Certification Syllabus. Here you will learn how to analyze and evaluate IT risk, and you will get an overview of both Organizational Governance and Risk Governance. The organizational structure, goals, roles, responsibilities, and culture required for a business process are explained here. You will also learn about the Risk Profile and Risk Tolerance, along with the Professional Ethics of Risk Management.

2. IT Risk Assessment

The IT Risk Assessment domain covers roughly 20% of the CRISC Certification Syllabus. In this domain, you will learn to determine the likelihood and impact of risks on business goals, so that the organization can make effective risk-based decisions.

Here, the analysis and evaluation of risk scenarios is an important requirement because it allows you to determine the probability and degree of damage that a particular risk will cause. You are also assessed on your ability to identify the current state of existing information system controls and whether they effectively mitigate IT risk.

You will also learn how to review the results of risk and control analysis and assess any shortcomings in the existing environment. You will learn to assign the correct ownership of risk for accountability and to communicate these results to top management and stakeholders. In addition, this domain shows you how to keep the risk register up to date.

3. Risk Response and Reporting

The third domain, which accounts for about 32% of the CRISC certification syllabus, covers determining risk response options and evaluating the efficiency and effectiveness of risk management. You will be able to consult with risk owners to introduce or formulate measures that align with the business purpose; consulting with risk owners helps in developing efficient risk action plans through informed decisions. This domain also covers control design and implementation, including how to validate a risk action plan.

Since accountability is key here, you must establish a clear line of communication between stakeholders in risk ownership. You will also learn how to develop effective and efficient control measures, and how to define and establish key risk indicators to track changes in risk. These changes are critical because they tend to alter the IT risk profile of the organization. Reporting these findings is essential for decision-making by relevant stakeholders and for realizing business objectives.

4. Information Technology and Security

The need to reduce the risk of data breaches and attacks on IT systems is growing, so applying security controls that prevent unauthorized access to sensitive information is necessary. This is the key area of the fourth domain, which covers around 22% of the syllabus.

In this domain, you will get to know the principles of both Information Technology and Information Security. You will learn Information Security Concepts, Frameworks, and Standards, along with IT Operations Management and emerging technologies.

Conclusion

CRISC certification is a globally recognized certification for IT risk and information system control. Completing CRISC training and certification is an important step in obtaining the necessary skills and best practices to uphold risk management in an organization. At Invensis Learning, we provide CRISC certification training worldwide. Therefore, register with us and embark on a journey to become a CRISC certified expert and excel in your career.

FAQs on CRISC Certification Syllabus

1. What modes of teaching are in the CRISC Course Outline?

CRISC training covers the four domains through the following materials:

  • Video
  • Interactive Content
  • Downloadable workbooks and job aids
  • Case study activities
  • Mock examinations for practice

2. How long does it take to get CRISC Certified?

After meeting the eligibility requirements for the CRISC Certification, you can start the certification process. A professional typically needs about eight weeks to complete the training, revise, and gain the CRISC certification.

Syllabus of CRISC Training Course

Areas of Study

  • The Certified in Risk and Information Systems Control exam
  • The concepts of enterprise risk
  • Plan, execute, scrutinize and retain information systems controls
  • Risk: identification, evaluation, assessment, response, and monitoring
  • IS control design and execution
  • IS control maintenance and monitoring

FAQs on CRISC

Who should take up the CRISC Certification course in the United States?

Job roles that can benefit from CRISC training in the United States include, but are not limited to:

  • IT professionals
  • Risk professionals
  • Control professionals
  • Project managers
  • Business analysts
  • Compliance professionals

Invensis Learning’s practice tests for CRISC certification are modeled on the actual examination and draw from the syllabus. They are conceptualized by our team of subject matter experts. Practice tests give you a feel of what the CRISC certification examination will be like and the extent of knowledge that is required.

  • Type: Multiple choice examination questions
  • No. of Questions: 150
  • Duration: 240 minutes
  • Open/Closed book: Closed book
  • Result: 450 marks (on a scale of 200-800) required to pass

There are no prerequisites to take the exam; however, in order to apply for certification you must meet the experience requirements determined by ISACA. A minimum of three years of cumulative work experience performing the tasks of a CRISC professional across at least three CRISC domains is required for certification.

The course structure or outline of the instructor-led CRISC exam preparation training program is as follows:

  • Risk Management and Information Systems Control
  • Risk Response
  • Risk Monitoring
  • Information Systems Control Design and Implementation
  • Information Systems Control Maintenance and Monitoring

© 2023 Invensis Learning Pvt Ltd.