Chapter 1 : IT Risk Identification
Risk Capacity, Risk Appetite, and Risk Tolerance
Risk Culture and Communication
Elements of Risk
Information Security Risk Concepts and Principles
The IT Risk Strategy of the Business
IT Concepts and Areas of Concern for the Risk Practitioner
Methods of Risk Identification
IT Risk Scenarios
Ownership and Accountability
The IT Risk Register
Risk Awareness
Chapter 2 : IT Risk Assessment
Risk Assessment Techniques
Analysing Risk Scenarios
Current State of Controls
Change in the Risk Environment
Project and Program Management
Risk and Controls Analysis
Risk Analysis Methodologies
Risk Ranking
Documenting Risk Assessments
Chapter 3 : Risk Response and Mitigation
Aligning Risk Response with Business Objectives
Risk Response Options
Analysis Techniques
Vulnerabilities Associated with New Controls
Developing a Risk Action Plan
Business Process Review Tools and Techniques
Control Design and Implementation
Control Monitoring and Effectiveness
Types of Risk
Control Activities, Objectives, Practices and Metrics
Systems Control Design and Implementation
Impact of Emerging Technologies on Design and Implementation of Controls
Control Ownership
Risk Management Procedures and Documentation
Chapter 4 : Risk and Control Monitoring and Reporting
Key Risk Indicators
Key Performance Indicators
Data Collection and Extraction Tools and Techniques
Monitoring Controls
Control Assessment Types
Results of Control Assessment
Changes of the IT Risk Profile
Preparation for the Exam
Multiple-choice questions (MCQs) similar to the exam, corrected together
Discussion and exchanges, hints and tips to pass the exam.
Registration is made on the www.isaca.org site; registration closes 2 months before the date of the examination.
The exam consists of 150 MCQs that cover the CRISC® job practice domains.