CRISC® Boot Camp

  • Approved courseware
  • Industry expert trainers
  • 28 contact hours
  • Quizzes & workshops
  • Practice exams


The Certified in Risk and Information Systems Control (CRISC®) certification from ISACA is a valuable credential that testifies to a practitioner’s expertise in identifying and managing IT risk, and in implementing and managing information system controls. It also offers the knowledge and credibility needed when interacting with stakeholders, peers, and regulators.

With the CRISC Boot Camp, you will go beyond preparing for the certification exam to enhance your knowledge and skills on enterprise risk management and control. That way, you can be sure of improving your on-the-job performance. This, in turn, makes you a valuable addition to your team and an integral member for assessing, governing, and mitigating risk.

Learning Objectives

In addition to preparing you for the CRISC certification examination, this course will help you achieve the following learning objectives as defined by ISACA:

  • Identify the IT risk management strategy in support of business objectives and alignment with the Enterprise Risk Management (ERM) strategy. 
  • Analyze and evaluate IT risk to determine the likelihood and impact on business objectives to enable risk-based decision making. 
  • Determine risk response options and evaluate their efficiency and effectiveness to manage risk in alignment with business objectives. 
  • Continuously monitor and report on IT risk and controls to relevant stakeholders to ensure the continued efficiency and effectiveness of the IT risk management strategy and its alignment with business objectives. 

Who Should Attend this Training

  • Professionals who wish to achieve the CRISC qualification 
  • Risk professionals
  • IT professionals
  • Control professionals
  • Compliance professionals
  • Project managers
  • Business analysts


There are no prerequisites for attending this course or attempting the certification exam. However, you will need to meet the following requirements to become certified:

  • Demonstrate a minimum of three years of work experience across at least two of the four domains of CRISC; one of these domains must be IT Risk Identification or IT Risk Assessment
  • Adhere to the Continuing Professional Education (CPE) Program
  • Adhere to the Code of Professional Ethics

Examination Format

  • 150 multiple choice questions
  • Four (4) hours duration
  • Passing score is 450 points out of 800 (scaled results)
  • Closed book

What’s Next?

CRISC qualified professionals can further expand their knowledge and skill by pursuing other valuable risk and audit certifications such as ISO 31000 Risk Management and Certified Information Systems Auditor (CISA).


Training Delivery Options

Instructor-Led Training

Features include

  • Train with the best instructors wherever you are
  • Gain access to quizzes, exams, and valuable resources
  • Interact with instructors in real-time for maximum learning
Corporate Training

Features include

  • Flexible pricing and schedule at your ease
  • Self-paced and instructor-led training options
  • Comprehensive learner assistance and support


  • Collect and review environmental risk data
  • Identify potential vulnerabilities to people, processes and assets
  • Develop IT scenarios based on information and potential impact to the organization
  • Identify key stakeholders for risk scenarios
  • Establish risk register
  • Gain senior leadership and stakeholder approval of the risk plan
  • Collaborate to create a risk awareness program and conduct training

  • Analyze risk scenarios to determine likelihood and impact
  • Identify current state of risk controls and their effectiveness
  • Determine gaps between the current state of risk controls and the desired state
  • Ensure risk ownership is assigned at the appropriate level
  • Communicate risk assessment data to senior management and appropriate stakeholders
  • Update the risk register with risk assessment data

  • Align risk responses with business objectives
  • Consult with and assist risk owners with the development of risk action plans
  • Ensure risk mitigation controls are managed to acceptable levels
  • Ensure control ownership is appropriately assigned to establish accountability
  • Develop and document control procedures for effective control
  • Update the risk register
  • Validate that risk responses are executed according to risk action plans

  • Risk and control monitoring and reporting
  • Define key risk indicators (KRIs) and identify key performance indicators (KPIs) to enable performance measurement
  • Determine the effectiveness of control assessments
  • Identify and report trends/changes to KRIs/KPIs that affect control performance or the risk profile

Exam & Certification FAQs

What does the CRISC exam cover?

The certification examination will test you on the following domains, which are shown with their average weights:

  • Domain 1: IT Risk Identification (27%)
  • Domain 2: IT Risk Assessment (28%)
  • Domain 3: Risk Response and Mitigation (23%)
  • Domain 4: Risk and Control Monitoring and Reporting (22%)

To increase your chances of becoming certified, you can find exam study materials here.

When will I receive my examination score?

Certification candidates will be able to view their preliminary results upon completing their examination. Their official scores are communicated within 10 working days.


What if I do not pass the exam the first time?

If you do not pass the first time, you can retake the exam three more times within 12 months from the date of your first attempt. However, you will need to wait 30 days after your first attempt. If you need to retake the exam for the third time, you need to wait 90 days after the second attempt. For those retaking the exam for the fourth time, a waiting period of 90 days after the third attempt is required.


Will I need to maintain my certification status?

Yes, you will need to comply with the following requirements to retain your CRISC certification:

  • Earn and report a minimum of 20 Continuing Professional Education (CPE) hours annually 
  • Earn and report a minimum of 120 CPE hours over a period of three years
  • Pay the annual maintenance fee
  • Comply with the CPE audit if selected 
  • Comply with the Code of Professional Ethics


What will happen to my certification status if I no longer practice or decide to retire?

ISACA offers a Non-Practicing and a Retired status for professionals as long as they meet certain requirements.

The Non-Practicing status is provided to active certification holders who have short- or long-term unemployment or disability, no longer work in the field but wish to retain their certification, or have extenuating circumstances which have been approved by the Certification Working Group. Non-practicing CRISC professionals will need to pay the annual maintenance fee even if they do not earn CPEs.

As for the Retired status, this is provided to professionals who are above 55 years of age and have retired from their profession, or those unable to perform specific job functions due to permanent disability. Unlike the Non-Practicing status, practitioners cannot return to Active once they retire. They will need to re-take and pass the certification exam before re-applying for the certification.


Why Choose LearningCert As Your Training Partner?

Accredited course material

Our training materials have been approved by relevant accreditation bodies to assure learners of high quality and consistency.

Accredited Training Organization

LearningCert has been approved by relevant accreditation bodies, and has been licensed to deliver each of the courses offered.

Excellent feedback

From high levels of engagement to quality materials, our courses have received an ‘Excellent’ rating from trainees.

At your premises

Get more from your training and achieve learning objectives faster at your preferred location, at your preferred time.

