Certified in Risk and Information Systems Control

The Certified in Risk and Information Systems Control (CRISC) certification is an advanced certification created in 2010 by the Information Systems Audit and Control Association. It is designed for experienced IT and business professionals who can demonstrate 5 or more years of experience, who are engaged at an operational level to mitigate risk, and who have job experience in risk identification, response and monitoring, and in IS control design, implementation, monitoring and maintenance. It also requires passing a test designed to evaluate an applicant's understanding of risk identification, response and monitoring, and of IS control design, implementation, monitoring and maintenance.
The professional experience and knowledge requirements are grouped into 5 job practice domains:
Domain 1 — Risk Identification, Assessment and Evaluation (31%)
* Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.
Domain 2 — Risk Response (17%)
* Develop and implement risk responses to ensure that risk issues, opportunities and events are addressed in a cost-effective manner and in line with business objectives.
Domain 3 — Risk Monitoring (17%)
* Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s risk management strategy.
Domain 4 — IS Control Design and Implementation (17%)
* Design and implement IS controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.
Domain 5 — IS Control Monitoring and Maintenance (18%)
* Monitor and maintain IS controls to ensure they function effectively and efficiently.
 