CRISC: Certified in Risk and Information Systems Control

CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise. CRISC certification makes you highly valuable to enterprises seeking to manage IT risk as a critical component of the innovation process.


The Certified in Risk and Information Systems Control (CRISC) certification is the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institution. Achieving CRISC certification validates that you have the knowledge and expertise to help companies understand business risk. It also confirms that you have the technical knowledge to implement appropriate information system (IS) controls.

Audience Profile

The CRISC certification is specifically created for risk and control professionals, which include:

  • IT professionals
  • Risk professionals
  • Control professionals
  • Business analysts
  • Project managers
  • Compliance professionals


  • Denotes a prestigious, lifelong symbol of knowledge and expertise as a risk professional
  • Increases your value to your organization as it seeks to manage IT risk
  • Gives you a competitive advantage over peers when seeking job growth
  • Gives you access to ISACA's global community of knowThe aledge and the most up-to-date thinking on IT risk management
  • Helps you achieve a high professional standard through ISACA’s requirements for continuing education and ethical conduct
Module 1: Risk Identification Assessment and Evaluation (RI)
  • Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy
  • Collect information and review documentation to ensure that risk scenarios are identified and evaluated
  • Create and maintain a risk register to ensure that all identified risk factors are accounted for
  • Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization
Module 2: Risk Response (RR)
  • Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives
  • Identify and evaluate risk response options and provide management with information to enable risk response decisions
  • Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy
  • Apply risk criteria to assist in the development of the risk profile for management approval
  • Assist in the development of business cases supporting the investment plan to ensure risk responses are aligned with the identified business objectives
Module 3: Risk Monitoring (RM)
  • Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s risk management strategy
  • Collect and validate data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders
  • Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process
  • Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements
Module 4: IS Control Design and Implementation (CD)
  • Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives
  • Interview process owners and review process design documentation to gain an understanding of the business process objectives
  • Facilitate the identification of resources (e.g., people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level
  • Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed
Module 5: IS Control Monitoring and Maintenance (MM)
  • Monitor and maintain information systems controls to ensure they function effectively and efficiently
  • Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems controls
  • Collect information and review documentation to identify information systems control deficiencies
  • Maintain sufficient, adequate evidence to support conclusions on the existence and operating effectiveness of information systems controls
  • Provide information systems control status reporting to relevant stakeholders to enable informed decision making


60,000 MUR including original ISACA CRISC Latest Review Manual

Early Bird: Register 1 month in advance and get 10% discount.

Ask us for a Group Discounts as from 3 students.


Each participant will receive the original ISACA CRISC Latest Review Manual.


All ISACA certifications are held three times per year each June, September and December. The exams are organized by the MES. For more informations contact Tylers or ISACA Mauritius chapter.