Certified in Risk and Information Systems Control (CRISC)

This four-day official ISACA course equips learners with the knowledge and practical skills needed to prepare for and pass the CRISC exam. CRISC is the only globally recognised certification focused on IT and enterprise risk management, enabling professionals to bridge the gap between risk, business goals, and technology. Participants will explore the four CRISC domains: governance, risk assessment, risk response and reporting, and technology and security.

Description

  • Introduction to the CRISC exam
      • About the CRISC certification
      • Exam structure, scoring, and preparation strategies
  • Domain 1 – Governance
      • Strategy, goals, and objectives
      • Organisational structure, culture, ethics, and accountability
      • Risk appetite, tolerance, and enterprise risk frameworks
      • Policies, standards, legal and regulatory requirements
      • Maintaining risk registers and profiles
      • Stakeholder communication and reporting
  • Domain 2 – Risk assessment
      • Risk event identification and threat modelling
      • Vulnerability management and scenario development
      • Business impact analysis and residual risk evaluation
      • Risk analysis methodologies and risk register updates
      • Promoting a risk-aware culture through awareness and training
  • Domain 3 – Risk response and reporting
      • Risk response options and treatment planning
      • Control design, selection, and implementation
      • Issue, finding, and exception management
      • Vendor and supply chain risk management
      • Monitoring and analysing KPIs, KRIs, and KCIs
      • Reporting emerging risks to stakeholders
  • Domain 4 – Technology and security
      • Technology roadmaps and enterprise architecture
      • IT operations, lifecycle management, and disaster recovery
      • Security frameworks, standards, and awareness training
      • Data lifecycle management, privacy, and protection
      • Emerging technologies and their risk implications
  • Exam readiness
      • Mock exam review
      • Time management and test-taking strategies
  • Exams and Assessments
      • This course prepares learners for the CRISC exam. The exam is booked separately via ISACA and delivered online. It consists of 150 multiple-choice questions over four hours. A passing score of 450 (out of 800) is required. Practice questions and mock tests are included during the course.
      • CRISC exam changes from 3rd Nov 2025: the four CRISC domains remain the same, but the distribution of the exam content will change slightly to the following:
          • Domain 1: Governance (26 percent)
          • Domain 2: Risk Assessment (22 percent, compared to 20 percent previously)
          • Domain 3: Risk Response and Reporting (32 percent)
          • Domain 4: Technology and Security (20 percent, compared to 22 percent previously)
  • Hands-On Learning
      • Learners will engage in:
          • Scenario-based group exercises and tabletop simulations
          • Risk register development and analysis workshops
          • Mock exam practice with guided review from instructors
          • Case studies reflecting real-world enterprise risk challenges

Audience

This course is designed for:

  • IT risk and compliance professionals seeking CRISC certification
  • Business analysts, project managers, and auditors involved in risk activities
  • IT managers, information security officers, and governance specialists responsible for risk oversight

Prerequisites

Learners should have:

  • At least three years of professional experience in IT risk management or control, covering a minimum of two CRISC domains (including governance or risk assessment).
  • Familiarity with risk frameworks, organisational governance, and control processes.

© Copyright GTP Computrain, Limited 2025