ISACA, the global association of IT audit, risk, governance, and security professionals has recently announced its new risk management certification. The certified in risk and information systems control (CRISC) certification is designed for IT professionals who identify and manage risks through the development, implementation and maintenance of information system (IS) controls.
ISACA has established CRISC (pronounced "see risk") to recognize IT professionals with skills and abilities related to risk identification, assessment and evaluation, risk response, risk monitoring, IS control design and implementation, IS control monitoring and maintenance. The first CRISC risk management certification exam will be administered in 2011.
A grandfathering program, through which experienced professionals can earn the risk management certification without passing an exam, will open in April 2010. Anand Shenoy, the president of ISACA's Mumbai Chapter informs that risk professionals with extensive experience in the field need not go through the exam. "They will have to submit documentary proof of experience in specified areas to get this certification," says Shenoy. "Also, risk management professionals can learn more about CRISC, the new Risk IT framework, and the latest risk management best practices at Asia-Pacific CACS in Mumbai," he adds.
The ISACA press release mentions that CRISC risk management certification complements ISACA's three existing certifications: certified information systems auditor (CISA), certified information security manager (CISM), and the newer certified in the governance of enterprise IT (CGEIT). It explains the correlation between the CRISC risk management certification and existing ISACA certifications in the following manner.
• CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness; CRISC risk management certification is for IT and business professionals who design, implement and maintain IS controls.
• CISM is for individuals who manage, design, oversee and/or assess an enterprise's information security, including the identification and management of information security risks; CRISC risk management certification is for IT professionals whose roles also encompass operational and compliance considerations.
• CGEIT is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management; CRISC risk management certification is for IT and business professionals who are engaged at an operational level to mitigate risk.
Additional information about the CRISC risk management certification is available at ISACA's official CRISC page.