Certified in Risk & Information System Control
Overview
Course Objective
Students will master the four CRISC domains:
• Governance
• IT Risk Assessment
• Risk Response and Reporting
• Information Technology and Security
Who Should Attend
• IT Managers
• IT Risk Analysts
• IT Consultants
• IT Risk/Security Advisory Managers
• IT Risk Assessment Specialists
Prerequisites

Module
Module 1 - Governance
• Risk Assessment Concepts, Standards and Frameworks
• Organizational Strategy, Goals and Objectives
• Organizational Structure, Roles and Responsibilities
• Organizational Culture and Assets
• Policies, Standards and Business Processes
• Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
• Risk Profile, Risk Appetite and Risk Tolerance
• Navigating Professional Ethics of Risk Management and
• Requirements in Laws, Regulations and Controls
Module 2 - IT Risk Assessment
• Risk Events, Threat Modeling and Threat Landscape
• Vulnerability and Control Deficiency Analysis
• Risk Scenario Development
• Risk Register
• Risk Analysis Methodologies
• Business Impact Analysis
• Inherent, Residual and Current Risk
Module 3 - Risk Response and Reporting
• Risk Treatment/Risk Response Options
• Risk and Control Ownership
• Managing Risk from Processes, Third Parties and Emerging Sources
• Control Types, Standards and Frameworks
• Control Design, Selection and Analysis
• Risk Treatment Plans
• Control Implementation, Testing and Effectiveness
• Data Collection, Aggregation, Analysis and Validation
• Risk and Control Monitoring and Reporting Techniques
• Performance, Risk and Control Metrics
Module 4 - Information Technology and Security
• Enterprise Architecture
• IT Operations Management
• Project Management
• Disaster Recovery Management
• Data Life Cycle Management
• System Development Life Cycle
• Emerging Technologies
• Information Security Concepts, Frameworks, Standards and Awareness Training
• Business Continuity Management
• Data Privacy and Protection Principles
FAQs
General Questions:
Q: What is the Certified in Risk & Information Systems Control (CRISC) course about?
The CRISC course, awarded by ISACA, is the only globally accepted IT risk management certification designed for professionals with at least three years of experience. It demonstrates expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls. The course covers all four domains required for the CRISC certification exam.
Q: Who should attend this course?
This course is ideal for IT Managers, IT Risk Analysts, IT Consultants, IT Risk/Security Advisory Managers, and IT Risk Assessment Specialists.
Q: What are the prerequisites for this course?
Participants should have a minimum of three years of relevant professional work experience in IT Risk and Information System Control.
Q: How long is the course?
The course duration is 4 days.
Q: What key topics are covered in this course?
The course is divided into four modules:
Module 1: Governance – Covers risk assessment concepts, frameworks, organizational goals, roles, culture, ERM, risk profiles, ethics, and compliance.
Module 2: IT Risk Assessment – Focuses on threat modeling, risk scenarios, risk registers, BIA, and different types of risk.
Module 3: Risk Response and Reporting – Includes risk treatment options, ownership, control standards, testing, metrics, and monitoring.
Module 4: Information Technology and Security – Covers enterprise architecture, disaster recovery, SDLC, emerging tech, BCM, and data privacy.
Q: Will I receive a certification after completing the course?
This course prepares participants for the CRISC certification exam. After passing the exam and fulfilling ISACA’s work experience requirements, participants can obtain the globally recognized CRISC credential.
Program Content & Skills:
Q: What foundational IT risk management concepts will I learn in this course?
You will gain a solid understanding of IT risk identification, assessment, and mitigation aligned with enterprise objectives. This includes risk assessment standards and frameworks, organizational strategy, and risk governance structures, enabling you to evaluate and strengthen IS controls across the enterprise.
Q: How does the course prepare me to align IT risk with business strategy?
The course emphasizes connecting enterprise goals with risk management strategies. You’ll explore governance frameworks, risk appetite and tolerance, organizational roles, and professional ethics—equipping you to support risk-informed decision-making that aligns IT initiatives with business objectives.
Q: What skills will I develop in assessing and responding to IT risk?
You’ll learn to identify risk events, develop scenarios, perform business impact analyses, and use risk registers. The course covers designing and implementing controls, formulating risk treatment plans, and evaluating risk response effectiveness across systems, third parties, and emerging sources.
Q: Will I learn how to manage and secure IT systems?
Yes, the course develops your skills in managing IT operations, disaster recovery, business continuity, and the system development life cycle. You’ll explore security frameworks, data protection principles, and how to integrate information security with enterprise architecture and emerging technologies.
Q: How does the course address compliance and reporting?
You’ll learn to navigate legal and regulatory requirements, design compliant control structures, and implement risk and control reporting techniques. The course focuses on data aggregation, validation, and the use of performance metrics to monitor risk and communicate insights to stakeholders.