CRISC Frequently Asked Questions 

Get the answers you seek for the topics of Exam Registration & Administration and Certification Requirements.

Exam Registration & Administration
CRISC Certification  | Certification Requirements  |  Exam Content

Exam Registration & Administration

FAQ Questions:

To provide you with an immediate response to your inquiry, we are using this automated response that addresses the most frequently asked questions (FAQs) we are receiving at this time. We hope that your question is answered below, and if so, you will not be receiving a further response from ISACA. If not, your inquiry will be answered as quickly as possible.

PLEASE DO NOT RESEND YOUR MESSAGE.

  1. When will I receive my exam results?
  2. How is the exam scored?
  3. How do I provide comments on testing conditions?
  4. When is the next exam administration?
  5. When does registration begin for the 2017 exams?
  6. What are the exam deadlines?
  7. Can I take the CISA, CISM, CGEIT and CRISC exams in the same exam window?
  8. When can I schedule my 2017 exams?
  9. Where can I find the locations for the 2017 exams?
  10. Where can I find CISA/CISM/CGEIT/CRISC applications for certification?
  11. What are the requirements for CISA/CISM/CGEIT/CRISC certification?

FAQ Answers:

1. When will I receive my exam results?

Candidates will receive a preliminary score on screen at the conclusion of their exam. Candidates do not receive a printout of these results on site. Official results are emailed to candidates within 10 working days of the exam. To ensure the confidentiality of scores, exam results will not be released by telephone or fax.

2. How is the exam scored?

ISACA uses a 200-800 point scale with 450 as the passing mark for the exams. A scaled score is a conversion of the raw score on an exam to a common scale. It is important to note that the exam score is not based on an arithmetic or percent average. For example, the scaled score of 800 represents a perfect score with all 150 questions answered correctly; a scaled score of 200 is the lowest score possible and signifies that only a small number of questions were answered correctly.

A candidate must receive a scaled score of 450 or higher to pass the exam. A score of 450 represents a minimum consistent standard of knowledge as established for the exam by the respective ISACA Certification Committee. The passing score of 450 represents the minimum number of questions that must be answered correctly by the candidate in order to demonstrate practical application of the job task and knowledge statements. A candidate receiving a passing score may then apply for certification if all other requirements are met.

3. How do I provide comments on testing conditions?

Candidates who wish to address any additional comments or concerns about the examination administration, including site conditions or the content of the exam, should contact ISACA international headquarters at support.isaca.org within 48 hours of the conclusion of the test. ISACA does not reissue scores based on question updates, but our subject matter experts use these comments to improve future examinations. ISACA will review comments regarding exam day issues and site concerns prior to the release of the official score report. Please include the following information in your comments: exam ID number, testing site, date tested and any relevant details on the specific issue. Appeals undertaken by a certification exam taker, certification applicant or by a certified individual are undertaken at the discretion and cost of the exam taker, applicant or individual.

4. When is the next exam administration?

The CISA, CRISC, CISM and CGEIT exams will be offered during three testing windows in 2017. These testing windows include 1 May – 30 June 2017, 1 August – 30 September 2017, and 1 November – 30 December 2017. Further information can be found in the Exam Candidate Information Guide at www.isaca.org/examguide.

5. When does registration begin for the 2017 exams?

Registration deadlines and opening information can be found in the Exam Candidate Information Guide at www.isaca.org/examreg.

6. What are the exam deadlines?

For more details on exam windows, dates and deadlines, please visit www.isaca.org/examguide.

7. Can I take the CISA, CRISC, CISM and CGEIT exams in the same exam window?

Yes, you may take one each of CISA, CRISC, CISM and CGEIT within the same window. You may NOT take the same certification exam more than one time within a window. For example, you may take both the CISA and CRISC in the same window, but you would not be allowed to take the CISA exam more than one time in the same window.

8. When can I schedule my 2017 exams?

Registration and scheduling for each window open on the same day. Once registered for an exam you will receive a confirmation email with instructions on how to proceed to scheduling a testing appointment.

9. Where can I find the locations for the 2017 exams?

Exams are administered at PSI testing locations worldwide. Visit www.isaca.org/examlocations for a listing of the current exam sites. Please note that this list is subject to change as ISACA and its testing vendor (PSI) continue to identify and develop additional testing sites to further increase the network available to candidates. This list will continue to evolve up to and beyond the May/June 2017 testing window.

The information on this page is intended to be a general guideline to plan your test schedule. Test center availability is on a first-come, first-serve basis. The available test dates and times are displayed in real time. PSI is not able to guarantee these dates and times will be available when you choose to pay and schedule for your examination.

10. Where can I find CISA/CISM/CGEIT/CRISC applications for certification?

CISA applications are located at www.isaca.org/cisaapp.
CISM applications are located at www.isaca.org/cismapp.
CGEIT applications are located at www.isaca.org/cgeitapp.
CRISC applications are located at www.isaca.org/criscapp.

11. What are the requirements for CISA/CISM/CGEIT/CRISC certification?

CISA requirements for certification: www.isaca.org/cisarequirements.
CISM requirements for certification: www.isaca.org/cismrequirements.
CGEIT requirements for certification: www.isaca.org/cgeitrequirements.
CRISC requirements for certification: www.isaca.org/criscrequirements.



CRISC Certification

  1. What does the CRISC continuing professional education program require?
  2. How do I renew my certification and/or report my CPE?
  3. Does ISACA provide a discount on certification maintenance (renewal) fees if I have multiple certifications?
  4. What type of work experience do I need for CRISC certification?
  5. Where can I view details on the job practice domains?
  6. Where can I learn more about the CRISC certification?
  7. How do I best prepare for the CRISC exam?

1. What does the CRISC continuing professional education program require?

In order to become and remain a CRISC, an individual must agree to comply with the CRISC continuing professional education program. This program requires an individual to earn a minimum of 20 CPE hours annually and 120 CPE hours over their 3-year cycle. In addition, an annual maintenance fee of US $45 for ISACA members and US $85 for non-members is required.

2. How do I renew my certification and/or report my CPE?

Renewing the certification requires earning and reporting CPE hours annually and over a fixed 3-year cycle period, and paying an annual certification maintenance fee.

Our CPE reporting system has recently been enhanced, and certified individuals are now able to report CPE as they are earned.

How to report your CPE:

To pay the annual maintenance fee:

If you have forgotten your password, click on the "Forgot Password?" link. After remitting your payment by credit card you will receive a purchase receipt online and via email, in addition to a receipt by postal mail. If you are not paying by credit card and want to pay by check or bank transfer, click the "Pay by Check or Bank Transfer" button when you reach the shopping cart.

3. Does ISACA provide a discount on certification maintenance (renewal) fees if I have multiple certifications?

Yes, for those individuals who renew 3 or more ISACA certifications, ISACA offers a discount on the 3rd and 4th renewal fees of $20 for members and $35 for nonmembers.

4. What type of work experience do I need for CRISC certification?

The Certified in Risk and Information Systems Control certification (CRISC, pronounced “see-risk”) is intended to recognize a wide range of professionals for their knowledge of enterprise risk and their ability to design, implement, monitor, and maintain IS controls to mitigate such risk. It is particularly designed for IT professionals who have hands-on experience with risk identification, assessment and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance. Please see the job tasks and knowledge statements that relate to this certification at Job Practice.

5. Where can I view details on the job practice domains?

Please visit Job Practice to view the CRISC task and knowledge statements.

6. Where can I learn more about the CRISC certification?

Please visit the CRISC page.

7. How do I best prepare for the CRISC exam?

Exam candidates should have a solid understanding of CRISC terminology and concepts. The CRISC exam will primarily align with the terminology and concepts described in The Risk IT Framework, The Risk IT Practitioner Guide, and COBIT 4.1. This will include applications in the evaluation and monitoring of Information Systems (IS)-based risk, as well as the design and implementation of IS controls. It is also critical that the CRISC candidate is familiar with the CRISC Job Practice, and is able to apply the concepts associated with each of the 5 domains.

It is important for a CRISC candidate to be able to distinguish functional terms and apply concepts associated with “risk,” “threats,” and “vulnerabilities.”  These terms should not be used interchangeably.

  • “Risk” refers to the likelihood (or frequency) and magnitude of loss that exists from a combination of asset(s), threat(s), and control conditions.  As a derived value, it cannot take a plural form (i.e., “risks”).  Consequently, when referring to conditions that represent some amount of risk, terms such as “risk factors,” “risk scenarios” or “risk concerns” will be used.
  • “Threat” refers to anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in loss or harm.
  • “Vulnerability” refers to control conditions that are deemed to be deficient relative to requirements or the threat levels being faced.  It is a weakness in design, implementation, operation, or internal controls.

As much of the test focuses on practical application of terminology and concepts, simply reading The Risk IT Framework, The Risk IT Practitioner Guide, and COBIT 4.1 will not lend enough knowledge to pass the CRISC exam. Exam candidates will need to draw from their experience implementing the concepts illustrated.



Certification Requirements

  1. What do I need to do if I have received a revocation notice?
  2. Where can I find the CRISC Application for certification?
  3. Is there a fee to apply for certification?
  4. What are the qualifications to earn the CRISC credential?
  5. What does the CRISC continuing professional education policy require?
  6. Do I need to submit documentation for my CPE hours?
  7. Does ISACA provide a discount on certification maintenance (renewal) fees if I have multiple certifications?

1. What do I need to do if I have received a revocation notice?

If you have received a revocation notice, please contact certification@isaca.org.

2. Where can I find the CRISC Application for Certification?

The CRISC application is available at www.isaca.org/criscapp.

3. Is there a fee to apply for certification?

For certification applications received on 1 June 2012 and forward, an application processing fee of US $50 will be required to apply for certification. The application processing fee will support our dedication to efficient and proper processing of certification applications according to industry standards. The fee will also help support the integrity of the application process, which in turn reinforces the strength and reputation of the overall certification programs.

Payment for the CRISC application processing fee can be made online at www.isaca.org/criscpay.

4. What are the qualifications to earn the CRISC credential?

Becoming CRISC certified requires passing the CRISC exam and meeting the requirement of 3 years of work experience in the fields of risk management and IS control. A minimum of three (3) years of cumulative work experience performing the tasks of a CRISC professional across at least three (3) CRISC domains is required for certification. There are no substitutions or experience waivers. Individuals must apply for certification by completing and submitting a CRISC Application for Certification.

5. What does the CRISC continuing professional education policy require?

In order to become and remain a CRISC, an individual must agree to comply with the CRISC continuing professional education program. This program requires an individual to earn a minimum of 20 CPE hours annually and 120 CPE hours over the 3-year cycle. In addition, an annual maintenance fee of US $45 for ISACA members and US $85 for non-members is required. To view the CRISC CPE policy, visit www.isaca.org/crisccpepolicy.

6. Do I need to submit documentation for my CPE hours?

Documentation of CPE hours does not need to be provided to ISACA unless you are selected for an audit of your CPE hours. If you are selected for an audit of your CPE hours, you will be notified via email and by hard copy via postal mail.

7. Does ISACA provide a discount on certification maintenance (renewal) fees if I have multiple certifications?

Yes, for those individuals who renew 3 or more ISACA certifications, ISACA offers a discount on the 3rd and 4th renewal fees of $20 for members and $35 for nonmembers.



Exam Content

  1. How long is the exam?
  2. What does the CRISC exam cover?

1. How long is the exam?

A candidate is given 4 hours to complete a 150-question multiple-choice exam.

2. What does the CRISC exam cover?

The CRISC exam covers 4 risk and control job practice areas, each of which is further defined and detailed through task and knowledge statements. For more complete details, please go to CRISC Job Practice areas.
