Certified in Risk and Information Systems Control (CRISC)

Convenient

Self-Paced

Virtual

CRISC Certification Job Practice (Changed from 1 Aug 2021)

Domain 1 – Governance (26%)

  • Collect and review existing information regarding the organization’s business and IT environments. 
  • Identify potential or realized impacts of IT risk to the organization’s business objectives and operations. 
  • Identify threats and vulnerabilities to the organization’s people, processes and technology. 
  • Evaluate threats, vulnerabilities and risk to identify IT risk scenarios. 
  • Establish accountability by assigning and validating appropriate levels of risk and control ownership. 
  • Establish and maintain the IT risk register and incorporate it into the enterprise-wide risk profile. 
  • Facilitate the identification of risk appetite and risk tolerance by key stakeholders. 
  • Promote a risk-aware culture by contributing to the development and implementation of security awareness training. 
  • Conduct a risk assessment by analyzing IT risk scenarios and determining their likelihood and impact.

Domain 2 – IT Risk Assessment (20%)

  • Analyze risk scenarios to determine likelihood and impact
  • Identify current state of risk controls and their effectiveness
  • Determine gaps between the current state of risk controls and the desired state
  • Ensure risk ownership is assigned at the appropriate level
  • Communicate risk assessment data to senior management and appropriate stakeholders
  • Update the risk register with risk assessment data

Domain 3 – Risk Response and Reporting (32%)

  • Align risk responses with business objectives
  • Develop, consult with and assist risk owners with the development of risk action plans
  • Ensure risk mitigation controls are managed to acceptable levels
  • Ensure control ownership is appropriately assigned to establish accountability
  • Develop and document control procedures for effective control
  • Update the risk register
  • Validate that risk responses are executed according to risk action plans

Domain 4 – Information Technology and Security (22%)

  • Risk and control monitoring and reporting
  • Define key risk indicators (KRIs) and identify key performance indicators (KPIs) to enable performance measurement
  • Determine the effectiveness of control assessments
  • Identify and report trends/changes to KRIs/KPIs that affect control performance or the risk profile

 

CRISC Training
Free
Free access to this course

About the Instructor

Srinivasan Shamarao

ESESP Academy’s founder and Chief Trainer Shrinivasan Shamarao “Shrini” is a Qualified Chartered Accountant and is accredited as Chapter Trainer by APMG for CISA, CRISC and CGEIT. He has more than 23 years of industry experience in IT audit, Security, GRC and Finance and has experience of training more than 150 students in all ISACA certifications. He has been Guest Faculty for ISACA Chennai and Muscat Chapters and has 7 years of training experience.
