Certified In Risk and Information Systems Control (CRISC)

The course objectives are:

  • To understand the risks faced by the enterprise to its Information Technology (IT) Assets [includes Data, Applications, Systems & Networks]
  • To understand the risk management activities (identify, analyse, evaluate, treat and manage risks to Information Assets) and how they help to manage overall Enterprise Risk Management
  • To understand the activities required to design, implement, maintain and monitor the controls which help to manage the risks in a cost-effective manner
  • To understand that risk management must take into consideration the importance of aligning with the enterprise's business objectives and complying with legislation, regulations and policies

The course is prepared and delivered with reference to the ISACA CRISC (Certified in Risk and Information Systems Control) Review Manual, 6th edition. The intention is that the learner gains the overview and foundation needed to prepare for the ISACA CRISC Exam, in addition to gaining knowledge of IT Risk. (The outline below is extracted from the ISACA CRISC Manual table of contents.)


Domain 1 IT Risk Identification

  • Risk Capacity, Risk Appetite and Risk tolerance
  • Risk Culture and Communication
  • Information Security Risk Concepts and Principles
  • IT Risk Strategy of the Business
  • IT Concepts and areas of concern for the Risk Practitioner
  • Methods of risk identification
  • IT Risk Scenarios
  • Awareness, ownership and accountability
  • IT Register


Domain 2 IT Risk Assessment

  • Risk Analysis Methodologies 
  • Risk Assessment techniques 
  • Analysing Risk Scenarios
  • Risk environment and current state of controls
  • Risk and control analysis 
  • Risk evaluation and prioritisation 
  • Project and Program management


Domain 3 Risk Response and Mitigation

  • Align risk response action plan with Business Objectives
  • Business Review tools and techniques
  • Control design, implementation, monitoring, effectiveness and vulnerability check
  • Control activities, objectives, practices and Metrics
  • Impact of emerging technologies on Control design and implementation


Domain 4 Risk and Control Monitoring and Reporting

  • Key Risk and Performance Indicators
  • Data collection and extraction tools and techniques
  • Control Assessment types, results, and Monitoring and Control
  • Change to the Risk profile

This course is developed specifically for those experienced in the management of IT Risk, and the design, implementation, monitoring and maintenance of IS controls.


Minimum of 3 years of cumulative work experience performing the tasks of a CRISC professional across at least 2 of the 4 CRISC domains.

Experience substitution not available.





    Duration: 3 Days

    Course Fee 

    Course Fee w/o GST $1,650.00
    Course Fee w. GST $1,765.50
    SME (Company Sponsored) Singaporean and Permanent Resident
    Singapore Citizens aged 40 years old and above
    Singapore Citizen and Permanent Resident aged 21 years old and above

    Exam Fee

    • Exam Voucher is optional and can be purchased separately for $1,050.00
    • Please contact us for more information at 6635 5590