Certified in Risk & Information Systems Control (CRISC) Exam Overview
Enterprises must continuously improve their infrastructure in order to survive and flourish in today’s competitive business environment. Changes, however, always involve risks. To deal with these risks, enterprises are increasingly seeking professionals who understand IT and how to align and implement effective risk management and control frameworks with business objectives.
Fortunately, the Information Systems Audit and Control Association (ISACA) has developed the CRISC certification program to meet the demand of enterprises by producing CRISC-certified industry experts. The CRISC certification has also been accredited under ISO/IEC 17024 by the American National Standards Institute (ANSI).
What is the Goal of the CRISC Exam?
The CRISC credential rigorously assesses the risk management proficiency of IT experts and other employees within enterprises and financial institutions. The CRISC certification confirms you are well-versed in risk management and understand business risks. It also assures you have the technical knowledge to implement and maintain information system (IS) controls.
CRISC certification has four domains:
- IT Risk Identification—27%
- IT Risk Management—28%
- Risk Response and Mitigation—23%
- Risk and Control Monitoring and Reporting—22%
CRISC certification requires candidates to have three years of work experience managing IT risk by implementing IS controls. Candidates must have a minimum of three years of cumulative work experience across at least two CRISC domains, of which one must be in Domain 1 or 2. In addition, there are no experience waivers or substitutions.
Exam Questions, Time and Language
The CRISC exam includes 150 questions and must be completed in four hours. Additionally, the CRISC exam is offered in three languages, including:
- Chinese Simplified
The fee structure is different for ISACA’s members and non-members:
- ISACA Member: $575 USD
- ISACA Nonmember: $760 USD
There are additional fees for maintaining certification:
- ISACA Member: $45 USD
- ISACA Nonmember: $85 USD
The exam fee is neither refundable nor transferable. You can join ISACA by completing the online registration process on ISACA’s website.
Disabled candidates have access to special accommodations, which are mentioned on the registration form. However, the candidate must prove the disability through his or her healthcare professionals.
CRISC Exam Study Community
ISACA provides a special forum, CRISC Exam Study Community, where candidates can share experiences, ideas, questions and study materials.
Examination sites listed in the registration process are tentative. These sites are subject to change and are used for reference only. Before registering and submitting payment for an exam, review this list to ensure there is a site at which you would like to take the exam, as the registration fee for the exam is neither refundable nor transferable. For a tentative listing, visit this site.
Register online following these steps:
- Select your certification by visiting the exam registration page on the ISACA website.
- Create a new account, or log in to the site if you are already a member. Make sure your name is correct on your government-issued identification (ID); you won’t be able to enter the exam center if your name is not correct on your ID.
- Accept ISACA’s terms and conditions.
Once the registration and payment are processed, you will be notified with an email that includes information about the certification exam, exam language and how to schedule an exam appointment.
Registration Dates: ISACA has two testing windows remaining for the CRISC exam in 2017. The first testing window runs from August 1, 2017 to September 30, 2017. The second testing window starts November 1, 2017 and runs through December 31, 2017. The registration process for both testing windows is described below.
First testing window:
- Registration opens: May 1, 2017
- Final registration deadline: September 22, 2017
Second testing window:
- Registration opens: August 1, 2017
- Final registration deadline: December 20, 2017
Scheduling Your Exam Appointment
You’ll receive an email once you are eligible to register for your exam. Follow these steps to register:
- Log in to ISACA’s website
- Click on the myCertification page
- Click on the Schedule Exam URL, which is located in the Pre-Certification Summary section. This will lead you to the scheduling page.
- Follow the instructions to schedule your testing appointment. A scheduling guide is also available on the site.
Rescheduling & Deferrals
Rescheduling: If you cannot take the exam on your scheduled date, you can reschedule the exam without any extra charges if you reschedule 48 hours before your original appointment. Registration charges will be forfeited if you do not reschedule your exam before this deadline.
Deferrals: By paying a $200 USD processing fee, you can defer your canceled or unscheduled exam. You may only defer your exam once. Deferral charges are neither refundable nor transferable.
If you score less than 450 on your exam and fail, you can retake the exam. This requires registration, payment and scheduling of another exam appointment. You can only take the exam one time per testing window. If you fail, you must register for a retake in the upcoming window.
ISACA works through testing partner PSI to administer its exams via computer-based testing locations. You can visit PSI’s
The scheduled exam will be canceled or postponed in the event of severe weather or any other emergency. If this occurs, PSI administration will notify you via email or phone.
Identification (ID) on Exam Day
Candidates must have an acceptable form of ID before entering the testing center. The ID is only accepted if it is a current, original government-issued ID, and includes the candidate’s name, photograph and signature.
Acceptable forms of identification include:
- Driver’s license
- State identity card (non-driver’s license)
- Passport card
- Military ID
- Green card, alien registration or permanent resident card
- National identification card
If you don’t comply with the proper exam policies, such as a late arrival of more than 15 minutes or ID issues, you will not be allowed to enter the testing center. In such circumstances, the exam registration fee will be forfeited.
Exam Day Rules
Every candidate must comply with the following rules:
- Blank paper, notepads and reference material are not allowed in the test center.
- Electronic devices, such as smartphones, smart watches and calculators, are also prohibited.
- Weapons, tobacco products, food, beverages and visitors are not allowed at the testing center.
- Candidates may leave, with permission, to use the restroom or address other emergencies. However, no extra time will be given to complete the exam.
- Violation of policies will end the examination process, and the registration fee will be forfeited.
Apply for CRISC Certification
Successful candidates who not only pass the exam but also meet the work experience requirement can apply for certification. The application for certification must be submitted within five years from the date the exam was passed. If you fail to do so, you are required to retake and pass the exam. Moreover, experience must be obtained within ten years preceding an application date for the credential, or within five years of passing the exam.
Maintaining the CRISC Certification
The CRISC Continuing Professional Education (CPE) policy requires you to collect CPE hours over the annual and three-year CRISC certification period. You must meet the following requirements to maintain your certification.
- Earn a minimum of 20 CPE hours annually and 120 CPE hours over the three-year period.
- Submit annual CPE maintenance fees to ISACA international headquarters.
- Provide required documentation of CPE activities if audited.
- Adhere to ISACA’s Code of Professional Ethics.
InfoSec Institute’s CRISC Boot Camp
Do you want to take ISACA’s CRISC exam? InfoSec Institute offers a uniquely designed CRISC Boot Camp for candidates seeking the CRISC credential. The goal of this course is to prepare students for certification on IT governance principles and practices. You can enroll in this course to acquire a professional CRISC certification.
Moreover, the InfoSec Institute has been one of the most awarded (42 industry awards) and trusted information security training vendors for 19 years.
InfoSec Institute also offers thousands of articles on a variety of security topics.