CERTIFIED IN RISK AND INFORMATION SYSTEMS CONTROL (CRISC)
The Certified in Risk and Information Systems Control (CRISC) course provides in-depth knowledge and practical skills required to identify, assess, manage, and mitigate IT and enterprise risks. The certification is awarded by ISACA and is globally recognized for professionals who design and manage risk-based controls and governance frameworks. CRISC bridges the gap between business risk and IT risk, enabling professionals to support strategic decision-making, protect enterprise value, and ensure organizational resilience. The course emphasizes risk governance, risk assessment methodologies, control implementation, and continuous monitoring. Successful completion prepares participants for the CRISC certification examination and senior roles in IT risk, governance, and compliance. Course Objectives By the end of this course, learners will be able to: Understand enterprise and IT risk management principles Identify and assess information systems-related risks Design and implement risk response and mitigation strategies Develop and maintain risk and control frameworks Monitor, report, and communicate risk effectively Align risk management with business objectives Prepare for the CRISC certification examination
Course Curriculum
1
- Enterprise governance concepts
- Risk governance frameworks
- Roles, responsibilities, and accountability
- Risk appetite and tolerance
- Strategic alignment of risk management
2
- Risk identification techniques
- Risk analysis and evaluation
- Threats, vulnerabilities, and impacts
- Risk scenarios and likelihood assessment
- Risk assessment methodologies
3
- Risk treatment options (mitigate, accept, avoid, transfer)
- Control selection and design
- Risk response planning
- Risk reporting and communication
- Key risk indicators (KRIs)
4
- IT control frameworks
- Information security controls
- Change and configuration management
- Business continuity and disaster recovery
- Emerging technology risks
5
- Instructor-led professional training
- Case studies and risk management scenarios
- Practical risk assessment and control design exercises
6
- IT risk and control professionals
- Risk managers and GRC specialists
- IT auditors and assurance professionals
- Compliance and governance managers
- Information security professionals
- Professionals preparing for the CRISC certification
7
- No mandatory prerequisites to sit for the exam
- A minimum of three years of professional experience in IT risk management and control is required for certification award (as defined by ISACA, with possible waivers)
8
- Domain-based quizzes and evaluations
- Case study and scenario analysis
- Mock CRISC examinations
- Final assessment aligned with the CRISC exam
9
Successful candidates earn the Certified in Risk and Information Systems Control (CRISC) designation, demonstrating expertise in IT risk identification, assessment, and control implementation.
This course includes
- 9+ Activity Modules
- 40 hours + lessons
- Lifetime access
- Certificate of completion
- Available on desktop and mobile
Some of Our Partners
