Certified in Risk and Information Systems Control

Inquire now

Duration 4 days – 28 hrs

 

Overview

 

The CRISC Training Course prepares professionals to identify, assess, and manage IT and enterprise technology risk, and to design, implement, and maintain effective risk controls. This course aligns with the CRISC job practice domains and equips participants with practical techniques for risk governance, risk assessment, control design/testing, and ongoing monitoring and reporting supporting readiness for the CRISC certification exam and real-world risk management responsibilities.

 

Objectives

 

  • Explain key concepts of IT risk management and how CRISC aligns with governance and business objectives.
  • Establish and communicate a technology risk management strategy and risk appetite/tolerance concepts.
  • Perform technology risk identification, analysis, evaluation, and risk response planning.
  • Design and evaluate risk and control frameworks, including preventive/detective/corrective controls.
  • Support control implementation and validation (testing/assurance) using practical approaches.
  • Develop KRIs, dashboards, and reporting to stakeholders for risk and control monitoring.
  • Apply CRISC-aligned techniques to common scenarios (third-party risk, change risk, cloud risk, cyber risk, project risk).
  • Strengthen exam readiness through domain mapping, practice questions, and scenario-based drills.

 

 

Audience

  • IT Risk Managers / Officers, Technology Risk Analysts
  • IT Governance, Risk & Compliance (GRC) practitioners
  • Internal/IT Auditors and assurance professionals shifting toward risk ownership
  • Information Security / Cybersecurity leads involved in risk-based controls
  • Business continuity / resilience professionals
  • IT Managers / Project Managers / Product Owners with risk/control responsibilities
  • Professionals pursuing CRISC certification

 

Prerequisites

  • Basic knowledge of IT systems and common controls
  • Familiarity with risk concepts (likelihood/impact, mitigation, residual risk)
  • Exposure to audit, compliance, security, or IT operations is helpful

 

Course Content

 

Module 0: Orientation & Exam Mapping

 

  • What CRISC is and who it’s for
  • Certification pathway: exam blueprint, question style, and study approach
  • CRISC domains, task statements, and how the course maps to them
  • Baseline assessment quiz (optional)

 

Domain 1: Governance (IT Risk Management Strategy)

 

  • Principles of IT risk governance and business alignment
  • Risk appetite, tolerance, and acceptable risk
  • Roles and responsibilities: three lines model, risk ownership, escalation paths
  • Policies, standards, and enterprise governance integration
  • Building a risk management strategy and operating model
  • Stakeholder communication and decision enablement
    Workshop: Draft a risk strategy one-pager and RACI for a sample organization

 

Domain 2: IT Risk Assessment

 

  • Risk identification methods: process mapping, threat modeling (high-level), interviews, data review
  • Asset/value identification and risk scenario development
  • Inherent vs residual risk; control strength concepts
  • Qualitative and quantitative approaches (when to use each)
  • Risk analysis: likelihood, impact dimensions (financial, operational, regulatory, reputational)
  • Risk evaluation and prioritization: heat maps, risk register design
  • Risk response planning: avoid/mitigate/transfer/accept
    Workshop: Build a risk register and perform scoring for multiple scenarios

 

Domain 3: Risk Response and Reporting (Risk Treatment & Communication)

 

  • Selecting risk responses and documenting justification
  • Control selection approaches: baseline, risk-based, control objectives
  • Risk treatment plans: owners, milestones, resources, dependencies
  • Third-party and vendor risk: assessment, contractual controls, ongoing monitoring
  • Risk reporting: stakeholder-specific reporting, dashboards, and narratives
  • Exception management, waivers, and risk acceptance workflow
    Workshop: Create a risk treatment plan + executive risk report slide

 

Domain 4: Information Technology and Security (Control Design, Implementation, Monitoring)

 

  • Control types and control design principles
  • Control lifecycle: design → implement → operate → monitor → improve
  • Control testing and assurance: evidence, sampling, walkthroughs, effectiveness criteria
  • Common control areas and risk/control examples:
    • Access management (IAM)
    • Change & release management
    • Incident response and problem management
    • Backup, DR, business continuity
    • Data protection and privacy controls
    • Logging/monitoring, vulnerability management
    • Cloud/shared responsibility basics
  • Metrics: KRIs/KPIs, thresholds, trend analysis, risk events
    Workshop: Define a control set and testing plan for a high-risk process

 

Integrated Case Studies (Scenario-Based Practice)

 

  • Case 1: Cloud migration risk assessment and control recommendations
  • Case 2: Vendor onboarding with data processing risk + contract controls
  • Case 3: Major change implementation and go/no-go risk decision
  • Case 4: Security incident post-mortem: risk event, root cause, control improvements
  • Building a mini “CRISC pack”: risk register + treatment plan + monitoring dashboard

 

Exam Preparation & Final Review

 

  • Domain-by-domain recap and common pitfalls
  • Time management strategy for the exam
  • Practice questions and rationales (mock exam-style)
  • Personal study plan and next steps

 

Inquire now

Best selling courses

Duration 3 days – 21 hrs   Overview    This Portfolio Management Training Course is designed to provide banking professionals with a comprehensive understanding of how to effectively manage investment and credit portfolios. Participants will gain insights into strategic allocation, performance measurement, risk management, and optimization of banking portfolios to align with regulatory requirements and...

Duration 2 days – 14 hrs   Overview   This comprehensive Planning and Forecasting Training Course is designed to empower professionals with the tools and techniques necessary to accurately predict future outcomes and develop strategic, operational, and financial plans. The course provides a structured approach to planning and forecasting, integrating both qualitative and quantitative methods....

Duration 3 days – 21 hours   Overview   This Beginner-to-Intermediate PostgreSQL Training Course is designed to build strong foundational skills in PostgreSQL while preparing participants to confidently work with real-world database tasks in modern environments.   Participants will learn how PostgreSQL works, how to write efficient SQL queries, how to design and manage database...

RISK MANAGEMENT

Liquidity Risk Management

Duration 5 days – 35 hrs   Overview.   This Liquidity Risk Management Training Course is tailored for banking professionals in the Philippines, focusing on the skills and knowledge necessary to manage liquidity risk effectively. Participants will learn how to assess liquidity risk, apply regulatory standards, and develop strategies to maintain adequate cash flow and...

Duration 5 days – 35 hrs   Overview    This 5-day advanced training course is designed for senior PMO leaders, program managers, PMO directors, and executives aiming to enhance their leadership capabilities and transform their PMOs into strategic business drivers. The course will explore advanced concepts in PMO strategy, digital transformation, innovation, business case development,...

TRAINOSYS CUSTOMIZED COURSE

Data Analytics from SQL to Power BI

The “Data Analytics from SQL to Power BI” training course is a comprehensive program designed to equip participants with the knowledge and skills necessary to analyze and visualize data using SQL and Power BI. Over the course of five days, participants will learn essential data analytics concepts, master SQL querying techniques for data retrieval and...

Duration 2 days – 14 hrs   Overview   This course provides a comprehensive understanding of the Anti-Money Laundering Act (AMLA) of the Philippines and techniques for identifying and handling counterfeit money. It equips participants with the knowledge to detect suspicious transactions, fulfill AML compliance obligations, and mitigate financial crime risks. Real-world case studies, regulatory...

Duration 2 days – 14 hrs   Overview   This course introduces participants to the principles and tools of data visualization and dashboard design. It focuses on transforming raw data into compelling, clear, and actionable visuals that support decision-making. Participants will explore visualization best practices, storytelling techniques, and hands-on tools (such as Excel, Power BI,...

We use cookies on our website to personalize your experience by storing your preferences and recognizing repeat visits. By clicking “Accept”, you agree to the use of all cookies. You can also select “Cookie Settings” to adjust your preferences and provide more specific consent. Cookie Policy