CRISC Course Description

Choose Your Preferred Learning Mode


  • Customized schedule
  • Learn at your dedicated hour
  • Instant clarification of doubt
  • Guaranteed to run

  • Flexibility, Convenience & Time Saving
  • More Effective Learning
  • Cost Savings

  • Anytime – Across The Globe
  • Hire A Trainer
  • At Your Own Pace
  • Customized Corporate Training


CRISC Curriculum

The most effective way to pass the CRISC exam is to understand how it is structured. The examination, developed by the CRISC community, features four domains.

IT Risk Identification

This domain covers 27% of the syllabus. It deals with preparing scenarios to determine the potential impact of risks to an organization, who the stakeholders are, and the business risk tolerance. The data here identifies present or potential risks, threats, and vulnerabilities.
  • Risk culture and communication
  • IT concepts and areas of concern for the risk practitioner
  • Procedure of risk identification
  • Ownership and accountability
  • Risk awareness, risk practitioner, capacity, IT risk scenarios of business, IT risk register, principles and appetite.

IT Risk Assessment


Risk Response and Mitigation

This domain covers 23% of the syllabus and evaluates the effectiveness of threat response and of restoring the organization’s processes to normal. It includes who is accountable for what roles in the recovery. The domain also covers documenting controls and procedures, updating risk registers, and ensuring that the risk control policies are followed.
  • Aligning risk response, business objectives, risk response options and analysis techniques associated with new controls.
  • Developing a risk action plan and type of risk.
  • Business process review tools and techniques.
  • System control design, implementation, control monitoring, control activities, objectives, practices and metrics.
  • Impact of emerging technologies on design and implementation of controls.

Risk, Control Monitoring and Reporting

This domain deals with the requirements for continuously monitoring IT risks and controls and how they support business objectives. It covers 22% of the exam curriculum and includes the process of reporting these findings to stakeholders. The questions revolve around the value of metrics, including the monitoring and analysis of key risk indicators (KRIs) and the means of analyzing key performance indicators (KPIs), the latter of which can be used to identify changes or trends related to the controls’ efficiency and effectiveness.
  • Key risk indicators, key performance indicators.
  • Data collection and extraction tools and techniques.
  • Monitoring controls, control assessment types and results of control assessment.
  • Change to the IT risk profile.

Exam Format

Exam Name: Certified in Risk and Information System Control Certification
Duration: 4 Hours
Number of questions: 150
Question Format: Multiple Choice
Passing Marks: 450 out of 800
Exam Cost: USD 760
Exam Language: English, French, German, Hebrew, Italian, Japanese, Korean, Spanish, Turkish, Chinese

Frequently Asked Questions

USD 575 for ISACA members and USD 760 for ISACA non-members. Additional fees for maintaining certification: ISACA members: $45 USD and ISACA non-members: $85 USD.

Once the exam is complete, participants receive a pass/fail result on their screen. Participants do not get a physical printout, as the official results are emailed to them. This usually happens within 10 working days. Scores will not be released via any other method, as confidentiality is maintained.

For an IT risk management professional, CRISC certification is a must-have. The CRISC examination is challenging, but clearing it on the first attempt is possible with the right preparation at Certification forest.

CRISC: Requirements include a minimum of three years of work experience in information security program management in the CRISC job domains. This experience must be attained in the ten years prior to the application or within five years of clearing the exam. CRISC has four domains, with just a slight difference.

CISA: CISA professionals hold positions such as IS or IT auditor or audit manager, non-IT auditor, and consultant, and are engaged in governance, security, assurance, audit control and enterprise leadership roles. There are a few differences in the syllabus.