CRISC Frequently Asked Questions 

CRISC logo 

Get the answers you seek for the topics of Exam Registration & Administration and Certification Requirements.

Exam Registration & Administration :: CRISC Certification
Certification Requirements :: Exam Content

Exam Registration & Administration

  1. When will I receive my admission ticket for the June 2012 exam?
  2. What is the exact location of the test site for my June 2012 exam?
  3. What time should I arrive at the exam site?
  4. Can I still defer my June 2012 exam?
  5. What should I bring to the exam?
  6. What is the next exam date?
  7. When will registration open for the 8 December 2012 exam?
  8. How do I provide comments on testing conditions?
  9. How is the exam scored?

1. When will I receive my admission ticket for the June 2012 exam?

Admission tickets for the June 2012 exam were released via email on 27 April 2012. Hard copy tickets will be sent to candidates the week of 30 April 2012 via the post. Candidates can use either a print out of the email e-ticket or the postal copy for entry into the exam.

Candidates can also reprint the ticket online. To reprint, login to www.isaca.org, click on the My ISACA tab and then click on the myCERTIFICATIONS tab where you will find a link to “Print CRISC Admission Ticket”.

2. What is the exact location of the test site for my June 2012 exam?

The exam details, including the exact exam location, will be listed on your exam admission ticket. To ensure that you arrive in plenty of time for the exam, we recommend that you become familiar with the exact location and the best travel route to your exam site prior to the date of the exam. Test center phone numbers and web site references will be provided (when available) to assist you in obtaining directions to the facility.

3. What time should I arrive at the exam site?

Your arrival time will be listed on your exam ticket. Please check your admission ticket for the exam time for your exam location as time can vary by site.

NO CANDIDATE WILL BE ADMITTED TO THE TEST CENTER ONCE THE CHIEF EXAMINER BEGINS READING THE ORAL INSTRUCTIONS. Any candidate who arrives after the oral instructions have begun will not be allowed to sit for the exam and will forfeit their registration fee.

4. Can I still defer my June 2012 exam?

Candidates unable to take the exam can request a deferral of their registration fees to the next exam date. From 21 April through 24 May, a processing fee of US $100 will be charged. Deferral requests will not be accepted after 24 May 2012. To request a deferral, please go to www.isaca.org/examdefer to complete the process. The exam and deferral fees are nonrefundable. Please note: Deferral requests will not be processed until deferral fees have been paid in full. Payment is due in full by 9 June 2012. All deadlines are based upon Chicago, Illinois USA, 5PM CT (central time).

5. What should I bring to the exam?

In addition to your admission ticket, bring several sharpened No. 2 or HB pencils, an eraser, and an acceptable form of photo identification such as a driver’s license, passport or government ID. This ID must be a current and original government issued identification that contains both your name as it appears on the admission ticket and your photograph. Any candidate who does not provide an acceptable form of identification will not be allowed to sit for the exam and will forfeit their registration fee.

Candidates are not allowed to bring any type of communication device (i.e., cell phone, PDA, Blackberry, etc.) into the test center. If a candidate is observed with any communication device during the exam administration, his/her exam will be voided and he/she will be asked to immediately leave the test site.

Please visit www.isaca.org/cisabelongings, www.isaca.org/cismbelongings, www.isaca.org/cgeitbelongings, and www.isaca.org/criscbelongings for a list of items which are permitted and are not permitted in the exam site.

6. What is the next exam date?

The next exam date is 8 December 2012.

7. When will registration open for the 8 December 2012 exam?

Registration for the 8 December 2012 exam will open mid June. Once open, you can register at www.isaca.org/examreg

8. How do I provide comments on testing conditions?

Candidates wishing to comment on the test administration conditions may do so at the conclusion of the testing session by completing the “Test Administration Questionnaire.” The Test Administration Questionnaire is presented at the back of the examination booklet and your questionnaire answers should be entered in boxes P through S of the Special Codes section (Grid No. 4) on the front of your Answer Sheet.

Candidates who wish to address any additional comments or concerns about the examination administration or content of the examination should contact ISACA international headquarters by e-mail (exam@isaca.org). These comments or concerns are to be received by ISACA within 2 weeks after the examination date. Only those comments received by ISACA during the first 2 weeks after the exam administration will be considered in the final scoring process of the examination.

9. How is the exam scored?

ISACA uses a 200-800 point scale with 450 as the passing mark for the exams. A scaled score is a conversion of the raw score on an exam to a common scale. It is important to note that the exam score is not based on an arithmetic or percent average. For example, the scaled score of 800 represents a perfect score with all 200 questions answered correctly; a scaled score of 200 is the lowest score possible and signifies that only a small number of questions were answered correctly.

A candidate must receive a scaled score of 450 or higher to pass the exam. A score of 450 represents a minimum consistent standard of knowledge as established for the exam by the respective ISACA Certification Committee. The passing score of 450 represents the minimum number of questions that must be answered correctly by the candidate in order to demonstrate practical application of the job task and knowledge statements. A candidate receiving a passing score may then apply for certification if all other requirements are met.

Exam Registration & Administration :: CRISC Certification
Certification Requirements :: Exam Content

CRISC Certification

  1. What does the CRISC continuing professional education program require?
  2. How can I renew my certification for 2012?
  3. How can I report my CPE?
  4. Does ISACA provide discount on certification maintenance (renewal) fees if I have multiple certifications?
  5. What type of work experience do I need for CRISC certification?
  6. Where can I view details on the job practice domains?
  7. Where can I learn more about the CRISC certification?
  8. How do I best prepare for the CRISC exam?

1. What does the CRISC continuing professional education program require?

In order to become and remain a CRISC, an individual must agree to comply with the CRISC continuing professional education program. This program requires an individual to earn a minimum of 20 CPE hours annually and 120 CPE hours over their 3-year cycle. In addition, an annual maintenance fee of US $40 ISACA member and US $85 non-member is required.

  Download CPE policy

2. How can I renew my certification for 2012?

Log in at www.isaca.org – click the MY ISACA tab at the top of the page and then click the RENEW button within the page. Renewal of your certification requires payment of the annual maintenance fee and reporting the required CPE hours.

If you have forgotten your password, click on the "Forgot Password?" link. After remitting your payment by credit card you will receive a purchase receipt online and via email, in addition to a receipt by postal mail. If you are not paying by credit card and want to pay by check or bank transfer, click the "Pay by Check or Bank Transfer" button when you reach the shopping cart.

3. How can I report my CPE?

To update or enter CPE hours, log in to www.isaca.org using your personalized login credentials.

  • Click on the MY ISACA tab at the top of the page
  • Click on My CERTIFICATIONS tab
  • Click the Edit MY CPE Hours link>
  • Click on My Demographic, Certification CPE and Other Information tab.  Scroll to the bottom of the page to view and edit the appropriate CPE fields
  • Enter CPE hours - then click Save at the bottom of the page

You may also use this form to update personal contact, demographic and professional information.

4. Does ISACA provide a discount on certification maintenance (renewal) fees if I have multiple certifications?

Yes, for those individuals who renew 3 or more ISACA certifications, ISACA offers a discount on the 3rd and 4th renewal fees of $15 for members and $35 for nonmembers.

5. What type of work experience do I need for CRISC certification?

The Certified in Risk and Information Systems Control certification (CRISC, pronounced “see-risk”) is intended to recognize a wide range of professionals for their knowledge of enterprise risk and their ability to design, implement, monitor, and maintain IS controls to mitigate such risk. It is particularly designed for IT professionals who have hands-on experience with risk identification, assessment and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance. Please see the job tasks and knowledge statements that relate to this certification at Job Practice.

6. Where can I view details on the job practice domains?

Please visit Job Practice to view the CRISC task and knowledge statements.

7. Where can I learn more about the CRISC certification?

Please visit the CRISC page.

8. How do I best prepare for the CRISC exam?

Exam candidates should have a solid understanding of CRISC terminology and concepts. The CRISC exam will primarily align with the terminology and concepts described in The Risk IT Framework, The Risk IT Practitioner Guide, and COBIT 4.1. This will include applications in the evaluation and monitoring of Information Systems (IS)-based risk, as well as the design and implementation of IS controls. It is also critical that the CRISC candidate is familiar with the CRISC Job Practice, and is able to apply the concepts associated with each of the 5 domains.

It is important for a CRISC candidate to be able to distinguish functional terms and apply concepts associated with “risk,” “threats,” and “vulnerabilities.”  These terms should not be used interchangeably.

  • “Risk” refers to the likelihood (or frequency) and magnitude of loss that exists from a combination of asset(s), threat(s), and control conditions.  As a derived value, it cannot take a plural form (i.e., “risks”).  Consequently, when referring to conditions that represent some amount of risk, terms such as “risk factors,” “risk scenarios” or “risk concerns” will be used.
  • “Threat” refers to anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in loss or harm.
  • “Vulnerability” refers to control conditions that are deemed to be deficient relative to requirements or the threat levels being faced.  It is a weakness in design, implementation, operation, or internal controls.

As much of the test focuses on practical application of terminology and concepts, simply reading The Risk IT Framework, The Risk IT Practitioner Guide, and COBIT 4.1 will not lend enough knowledge to pass the CRISC exam. Exam candidates will need to draw from their experience implementing the concepts illustrated.

Exam Registration & Administration :: CRISC Certification
Certification Requirements :: Exam Content

Certification Requirements

  1. What do I need to do if I have received a revocation notice?
  2. Where can I find the CRISC Application for certification?
  3. Is there an application fee?
  4. What are the qualifications to earn the CRISC credential?
  5. What does the CRISC continuing professional education policy require?
  6. How can I earn CPE credits online?
  7. How do I submit my annual continuing professional education (CPE) hours to ISACA?
  8. Do I need to submit documentation for my CPE hours?
  9. How can I renew my certification for 2012?
  10. How can I report my CPE?
  11. Does ISACA provide a discount on certification maintenance (renewal) fees if I have multiple certifications?

1. What do I need to do if I have received a revocation notice?

If you have received a revocation notice, please contact certification@isaca.org.

2. Where can I find the CRISC Application for Certification?

The CRISC application is available at www.isaca.org/criscapp.

3. Is there an application fee?

For all applications received 1 June 2012 and after, there will be a US $50 application fee required in order to process ISACA applications for certification.

4. What are the qualifications to earn the CRISC credential?

To become CRISC certified requires passage of the CRISC exam and 3 years work experience requirements in the fields of risk management and IS control. A minimum of at least three (3) years of cumulative work experience performing the tasks of a CRISC professional across at least three (3) CRISC domains is required for certification. There are no substitutions or experience waivers. Individuals must apply for certification by completing and submitting a CRISC Application for Certification.

5. What does the CRISC continuing professional education policy require?

In order to become and remain a CRISC an individual must agree to comply with the CRISC continuing professional education program. This program requires an individual to earn a minimum of 20 CPE hours annually and 120 CPE hours over the 3 year cycle years. In addition, an annual maintenance fee of US $40 ISACA member and US $85 non-member is required. To view the CRISC CPE policy, visit www.isaca.org/crisccpepolicy.

6. How can I earn CPE credits online?

ISACA members can earn CPE hours by taking and passing an ISACA Journal CPE Quiz online. One CPE hour is awarded per quiz. ISACA members may also earn CPEs online by participating in webinars and Virtual Trade Shows. These events may be accessed live or on demand via the archives. For more information, please go to www.isaca.org/elearning. In order to claim the CPE hours, a passing score must be earned on the quiz.

7. How do I submit my annual continuing professional education (CPE) hours to ISACA?

CPE hours are reported annually during the renewal process, which begins in October/November of each year. At renewal time, you will be asked to report the total number of CPE hours that you earned during that cycle year. Please keep track of your activities and retain the supporting documentation so that you are able to properly report your hours. You will be sent an email notification when the renewal process opens each year. At that time, go to our web site, pay your annual dues and report your CPE hours at www.isaca.org/renew. Alternatively, you can wait until we send you the hard copy annual invoice and use that as the mechanism to make your payment and report your CPE hours.

8. Do I need to submit documentation for my CPE hours?

Documentation of CPE hours does not need to be provided to ISACA unless you are selected for an audit of your CPE hours. If you are selected for an audit of your CPE hours, you will be notified via email and hard copy via the postal mail.

9. How can I renew my certification for 2012?

Log in at www.isaca.org – click the MY ISACA tab at the top of the page and then click the RENEW button within the page. Renewal of your certification requires payment of the annual maintenance fee and reporting the required CPE hours.

If you have forgotten your password, click on the "Forgot Password?" link. After remitting your payment by credit card you will receive a purchase receipt online and via email, in addition to a receipt by postal mail. If you are not paying by credit card and want to pay by check or bank transfer, click the "Pay by Check or Bank Transfer" button when you reach the shopping cart.

10. How can I report my CPE hours?

To update or enter CPE hours, log in to www.isaca.org using your personalized login credentials.

  • Click on the MY ISACA tab at the top of the page
  • Click on My CERTICATIONS tab
  • Click on Edit MY CPE Hours link
  • Click on My Demographic, Certification CPE and Other Information tab. Scroll to the bottom of the page to view and edit the appropriate CPE fields
  • Enter CPE hours – then click Save at the bottom of the page

You may also use this form to update personal contact, demographic and professional information.

11. Does ISACA provide a discount on certification maintenance (renewal) fees if I have multiple certifications?

Yes, for those individuals who renew 3 or more ISACA certifications, ISACA offers a discount on the 3rd and 4th renewal fees of $15 for members and $35 for nonmembers

Exam Registration & Administration :: CRISC Certification
Certification Requirements :: Exam Content

Exam Content

  1. How long is the exam?
  2. What does the CRISC exam cover?

1. How long is the exam?

A candidate is given 4 hours to complete a 200-questions multiple-choice exam.

2. What does the CRISC exam cover?

The CRISC exam covers 5 risk and control job practice areas, each of which is further defined and detailed through task and knowledge statements. For more complete details, please go to CRISC Job Practice areas.

Exam Registration & Administration :: CRISC Certification
Certification Requirements :: Exam Content