JE KIS

CERTIFIED IN RISK AND INFORMATION SYSTEMS CONTROL (CRISC)

The ISACA Certified in Risk and Information Systems Control (CRISC) certification is granted to individuals who can effectively recognize and handle risks by developing, implementing, and maintaining controls for information systems (IS). This program was launched in 2010 and has gained international recognition, with over 17,000 IT professionals holding this certification worldwide.

The CRISC Exam Preparation course spans five days and is conducted in a classroom setting. It offers a comprehensive review program covering the key knowledge domains necessary for the job and includes exercises to help candidates pass the exam on their first attempt. This course is designed to optimize time usage and minimize unnecessary time away from work. Studies have shown that it is considerably more effective than self-study, which demands more time and commitment.

Achieving CRISC certification can propel your career by enhancing your understanding of IT risk and its relevance to your organization. CRISC is the only certification program that equips IT professionals to address the distinctive challenges of IT and enterprise risk management, positioning them as strategic partners within the enterprise.

Our unique study program comprises the following components:

  1. An initial assessment of CRISC knowledge.
  2. Classroom presentations covering essential topics.
  3. Individual and team exercises along with discussion sessions.
  4. Preparation for the final exam, including practice questions.
  5. Instructor-led reviews of information related to CRISC job practice domains.

In this domain, the focus is on the identification, assessment, and evaluation of risks to effectively implement the enterprise risk management strategy. The following task statements outline the key responsibilities:

  1. Gather information and thoroughly examine documentation to ensure the identification and assessment of potential risk scenarios.

  2. Recognize legal, regulatory, and contractual obligations, as well as organizational policies and standards related to information systems, to assess their potential impact on business objectives.

  3. Identify possible threats and vulnerabilities that pertain to business processes, associated data, and supporting capabilities, thereby aiding in the comprehensive evaluation of enterprise risks.

  4. Establish and continuously update a risk register to ensure that all identified risk factors are duly considered.

  5. Compile risk scenarios to gauge the probability and consequences of significant events for the organization.

  6. Analyze these risk scenarios to determine how they could affect business objectives.

  7. Develop a risk awareness program and conduct training sessions to ensure that stakeholders have a clear understanding of risk, actively contribute to the risk management process, and foster a culture that is attuned to risk awareness.

  8. Correlate identified risk scenarios with relevant business processes, facilitating the identification of who within the organization is responsible for managing each risk.

  9. Validate the organization’s risk appetite and tolerance in consultation with senior leadership and key stakeholders, ensuring alignment with the overall strategy.

In this domain, the focus is on developing and executing strategies to deal with risks effectively and efficiently, while aligning with the organization’s goals. The tasks involved are as follows:

  1. Assess and analyze various options for responding to risks, providing management with the necessary information for making informed decisions on risk responses.

  2. Collaborate with relevant stakeholders to review the chosen risk responses, ensuring they are efficient, effective, and cost-effective.

  3. Apply specific risk criteria to aid in shaping the overall risk profile, seeking approval from management for this profile.

  4. Contribute to the formulation of action plans that outline how to address the specific risk factors identified within the organizational risk profile.

  5. Participate in developing business cases that support the investment plan, ensuring that risk responses are in harmony with the identified business objectives.

Supervise the process of tracking risks and conveying pertinent information to the appropriate stakeholders, ensuring the ongoing efficacy of the organization’s risk management approach. Tasks include:

  1. Gather and verify data that gauge essential risk indicators (ERIs), ensuring the monitoring and transmission of their status to relevant stakeholders.
  2. Oversee and convey vital risk indicators (ERIs) and managerial actions to aid relevant stakeholders in their decision-making procedures.
  3. Facilitate autonomous risk evaluations and assessments of the risk management process to guarantee their efficient and proficient execution.
  4. Recognize and report on risks, encompassing compliance considerations, to initiate corrective measures and fulfill business and regulatory prerequisites.

Plan and execute the development of information systems controls that align with the organization’s risk tolerance and support its business goals. Here are the specific tasks:

  1. Conduct interviews with process owners and review process design documents to comprehend the objectives of business processes.
  2. Analyze and document the business process objectives and designs to identify the necessary information systems controls.
  3. Collaborate with process owners to design information systems controls that align with business needs and objectives.
  4. Facilitate the identification of resources, such as personnel, infrastructure, data, and architecture, needed for optimal implementation and operation of information systems controls.
  5. Oversee the information systems control design and implementation process to ensure effective execution within the set time, budget, and scope.
  6. Deliver progress reports on the implementation of information systems controls to inform stakeholders and promptly address any deviations.
  7. Conduct testing of information systems controls to ensure their effectiveness and efficiency before implementation.
  8. Put in place information systems controls to mitigate risks.
  9. Assist in identifying metrics and key performance indicators (KPIs) for measuring the performance of information systems controls in achieving business objectives.
  10. Evaluate and suggest tools that can automate processes related to information systems controls.
  11. Provide documentation and training to ensure the effective execution of information systems controls.
  12. Assign control owners to all controls to establish accountability.
  13. Define control criteria to enable the management of controls throughout their life cycle.

EXAMINATION DETAILS

This training course does not include the CRISC exam, and candidates must independently schedule their Computer-Based Testing (CBT) exam session with ISACA. Our experience has shown that candidates have the highest likelihood of success if they take the exam approximately two to four weeks after completing this training course.

WHO SHOULD PARTICIPATE IN THIS COURSE?

This course is tailored for IT professionals who are preparing to take the ISACA Certified in Risk and Information Systems Control (CRISC) examination via a Computer-Based Testing (CBT) session. The CRISC exam is available during three testing windows each year. Candidates who pass the exam and possess a minimum of three years of relevant work experience will earn the CRISC qualification. For additional details, please refer to the ‘How to Become CRISC Certified’ section on the ISACA website.

ADMISSION REQUIREMENTS

While there are no compulsory prerequisites for enrolling in this course, it’s important to note that this is an exam preparation course. All participants are expected to have a fundamental understanding of the CRISC job practice knowledge domains.

DURATION

Minimum Duration: 5 Days of Training

Maximum Duration: 2 Months (Every Saturday or Sunday)
