IT enterprise risk management is a key area that every well-established company should take seriously. This is especially true considering the sheer number and variety of threats and vulnerabilities discovered almost daily.
Successful IT enterprise risk management requires qualified and experienced professionals. ISACA’s CRISC (Certified in Risk and Information Systems Control) is a high-level certification program that allows professionals to build greater understanding of the impact of IT risk and how it relates to organizations.
Not unlike the actual job of an IT risk manager, passing ISACA’s CRISC is not a simple endeavor. The certification was designed for professionals skilled in the management of IT risk, and the design, implementation, monitoring and maintenance of IS controls. The exam includes 150 questions, divided into four domains, and must be completed in less than four hours. Once the exam is successfully beaten, candidates are still required to provide proof of at least three years of work experience managing IT risk by designing and implementing IS controls, including experience across at least two of the four CRISC domains.
If you wish to become an expert IT risk manager, the CRISC is one of the best certification choices available. Here are a few practical tips to help you secure your CRISC certification.
- Read ISACA’s Exam Candidate Information Guide First
The ISACA Exam Candidate Information Guide provides lots of practical information for the exam, including important topics such as exam registration, deadlines and key candidate details for exam-day administration. It even has valuable information such as the exam domains, the number of exam questions, its length and the languages available. No candidate should take the CRISC exam without reading this guide.
- Choose the Right Resources
Begin preparing for your exam by checking ISACA’s official CRISC Exam Resources and reading the CRISC Review Manual. As most candidates that have successfully earned this certification would tell you, it is a must read.
The manual is available in hardcopy and e-book format. It is divided according to CRISC’s four job practice areas: IT risk identification; IT risk assessment; risk response and mitigation; and risk and control monitoring and reporting.
Each chapter is also divided into two sections, allowing for focused study sessions. The first section of each chapter contains basic information like definitions and objectives, task and knowledge statements, basic self-assessment questions, answers and explanations, and resource suggestions for further study. The second section of each chapter consists of reference material and content that supports the knowledge statements.
Candidates using the CRISC Review Manual can be sure of one thing: The answer to each and every question on the actual exam is somewhere amongst its pages.
- Practice Makes Perfect
While the review manual is an excellent stand-alone document for individual/group study or even in-class training review courses, it is not advisable to base your entire preparation solely on the manual. A sound approach is complementing the review manual with the CRISC Review Questions, Answers & Explanations, also available in ISACA’s official CRISC Exam Resources.
Candidates can either buy a hardcopy or go for the web-based subscription service. The content is the same: 500 questions, answered and explained in detail. It is important to understand that while practice questions are not actual exam questions, the type, structure and level of difficulty fully represent what is expected of candidates during the real test.
When deciding what version best suits your needs, consider the advantages of the online version. As expected, it can be used anywhere with an Internet connection and allows the creation of custom sample exams, ranging from a quick 20-question round to a full 150-question simulation with randomly selected questions from any of the exam domains. Its record-tracking features are also a neat addition, as it facilitates the task of identifying both strengths and weaknesses based on specific domains or subjects, helping candidates focus study efforts accordingly.
- Become One With the CRISC Community
The CRISC Exam Study Community is the best place to get involved with other candidates and share study methods, information about study resources and what to expect the day of the exam.
As usual, it is important to verify the credibility of any source you are using, including your chosen CRISC online community. For instance, if you are looking for a formal definition of a concept that is covered in the exam, the best approach is using official material, e.g., books, guidelines and other official publications. But, if you are looking for general advice, posting your question to an online forum such as reddit or TechExams can be quite helpful.
One terrific way of using the study community is checking for post-exam success stories, as most of them will be full of practical tips or even include the full strategy that was used. This may help you understand the exam from several different perspectives; posts can come from candidates with little technical background or tech experts. Either way, combining different views with your own background can be of immense value.
- Do Not Rely on Personal Experience
Since the CRISC is designed for experienced professionals, candidates are expected to have experience with IT risk and control. While in a real situation your personal experience plays a significant role whenever making a critical decision, relying on it too much during the CRISC exam can lead to failure. One of the most important steps during your exam preparation is learning how ISACA thinks, how they ask questions and how those questions are worded. Reading the CRISC Review Manual can shed some light on this subject, but your best option is to use the official question and answer database and try to understand the rationale behind each question.
This may be harder for candidates that already work with IT risk, but keep in mind that during the actual exam questions must be answered based on what ISACA deems as a good practice — personal experience alone should be used only as a last resort.
- Create Your Own Custom Study Plan
The CRISC exam spans four domains covering a variety of different subject areas. You must make sure you have enough time to review each domain at least once; this includes not only studying, but also completing mock exams, visiting online forums and spending extra time reviewing areas that need improvement.
Without adequate planning, your chance of success will drop. Creating a study plan that fits your personal needs is essential; even a simple to-do list can help a lot. For your custom study plan, you should consider factors such as:
- How soon do you intend to take the examination? Check the PSI website to find a time and location that works for you.
- How much time can you devote to your study efforts? If you are already working, or have other commitments, make sure you can dedicate sufficient time to the basics, such as covering all exam topics, taking practice tests and reviewing exam simulations.
- How much can you spend on preparation material and training courses? Look for official, certified study materials and training to make sure you have a thorough understanding of each topic covered in the exam. A great option is getting the official review manual and reading it early on; this will create a solid basis for further skill development using your choice of training methodology.
- What training method best suits you? Some people prefer self-learning, while others think there is no substitute for the classroom. Other candidates find online training helps them study on-the-go, at any time. Use your past learning experiences to help you pick the method to help you prepare best.
- How well acquainted are you already with the exam subjects? Even very experienced professionals, with good knowledge about the certification subject, can have a hard time during the examination. Your personal experience can save you some studying time, but you should take into consideration factors such as the exam length and question logic. Relying too much on experience alone is a poor strategy that will likely lead to bad results.
- Get Involved In an Exam Prep Course
Deciding to use a self-study-only approach may seem like a bold decision, but it may not be the best strategy. It is important to understand that achieving exam success requires in-depth knowledge of several different subjects, even for entry-level certs. The definitions and understanding of some of these topics may vary, depending on the point of view of ISACA. In practice, this means that even if you have firsthand knowledge, some of it may not apply, since ISACA’s view may be quite different from the tasks you are used to doing in the field.
Going through a certification preparation course lets you spend time with an experienced instructor, with actual knowledge on how to beat the exam. It is an excellent opportunity to get all your questions answered, share experiences and strategies, and even network if it is in-person training. This results in a greater success rate on any certification exam.
- Have an Exam-Day Preparation Plan
Before exam day, your primary focus should be on not exhausting yourself and being at your best during the exam.
A few things to remember:
- Is your exam kit ready? Check the candidate guide to make sure you have everything you need for the day of your CRISC exam. This may sound silly, but some candidates fail to even attend the test for not fulfilling basic requirements like providing adequate identification. You may also want to call your test center to verify you understand the requirements.
- Are you calm and well rested? Many candidates fail because of physical and mental exhaustion. Staying up late doing a final round of study may sound tempting, but last-minute reading is usually not a good thing, and may even leave you anxious. If you think it is important to do a final review, do a selective reading instead. Also, do not focus solely on weaknesses. If you have not mastered a specific topic until now, you may prefer to focus on enhancing the areas where you’re good. A great tool for selective reading is using summaries or glossaries, which have lots of important information, some of which you may have missed during your study sessions. As for the physical side, ingesting even small amounts of alcoholic beverages is a really bad idea. If your exam is during the morning, having a balanced breakfast and drinking plenty of water is a very helpful way to make sure you are at your best. If it is during the afternoon, eat a light lunch.
- Did you make the necessary arrangements to be on time at the test site? Candidates may not be admitted to the site if they are late. If you are using public transportation, double check the best routes; if you are driving to the exam site, make sure you know where to park beforehand.
- Clear Your Mind
Here are some last-minute tips to remember on exam day:
- Be aware of time. During the exam, you may reach a high level of concentration I like to call “the zone.” This means a greater focus, which is good for problem solving, but can cause you to lose track of time. What may seem like seconds can be precious minutes; hours tend to pass at a very fast rate, so make sure you have time to go through every question on the exam.
- Take your time reading the questions. Even with limited time, it is important not to rush. Take your time, pay attention to each question and answer option and make sure you understand what is being asked. Watch for distractors (options that are obviously false) in multiple-choice questions that can be quickly eliminated. It is also important to pay close attention to terms such as MOST, LEAST, NOT, ALL, NEVER and ALWAYS, since they can entirely change a sentence. Remember, questions that ask you to pick the “best answer” may have more than one correct option. You must be able to understand and select the most suitable answer for the given situation.
- Try to relax. Remember to stretch and relax your muscles during the exam. A relaxed mind can help you solve difficult questions.
- Remember, there is no reason to panic. Remaining calm will improve your concentration. If you followed your study plan correctly, your results will likely be great; if not, you will have a lot more experience during the next try!
A Final Word
Earning a CRISC certification will set you apart from the crowd and help you advance your career. With a solid plan, quality resources and dedication to exam preparation, any candidate has a good chance for CRISC exam success.