In today’s business, risk plays a major role. Almost every business decision requires IT and business professionals to balance risk and reward. Effectively managing business risk is essential to an enterprise success

With the complexity of information systems, increased risk and the need for compliance, it is more important than ever that enterprise develop, recruit and retain employees who can take a comprehensive view of information systems and their relationship to organizational success.

With the CRISC designation comes many professional and personal benefits, including:

Worldwide recognition for professional experience

Enhanced knowledge and skills

Career advancement

Enhanced job placement

The Certified in Risk and Information Systems Control certification (CRISC), pronounced “see-risk,” is intended to recognize a wide range of professionals for their knowledge of enterprise risk and their ability to design, implement and maintain information systems (IS) controls to mitigate such risk.

(See The CRISC designation certifies professionals who have knowledge and experience in identifying and evaluating risk and in designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.

Those who earn the CRISC designation help enterprises benefit from the rising business demands for IT professionals who understand business risk and have the technical knowledge to implement appropriate IS controls.

Recognition for Risk and Control Experience

The CRISC certification is unique because it is focused on both risk and controls. Employers can be assured that CRISC-certified professionals have the proven experience and knowledge to help enterprises accomplish business objectives such as:

Effective and efficient operations and IS control

Risk management.

Compliance with regulatory requirements.

The CRISC designation is designed for professionals responsible for managing enterprise risk through effective IS controls. Such individuals include:

IT professionals, Risk professionals, Control professionals, Business analysts, Project managers, Compliance professionals

The job practice consists of task and knowledge statements, organized by domains. These statements and domains were the result of extensive research and feedback from risk and control SMEs around the world.

The domains and their definitions are as follows:

  • Domain 1— IT Risk Identification (27 percent): Identify risk factors to enable the execution of the enterprise risk management strategy.
  • Domain 2—IT Risk Assessment (28 percent): Assess and evaluate risk factors in a cost-effective manner and in line with business objectives.
  • Domain 3—Risk Response and Mitigation (23 percent): Risk response phase requires management to make decisions regarding the correct ways to respond to and address risk.
  • Domain 4—Risk and Control Monitoring and Reporting (22 percent): Monitor and maintain information systems controls to ensure that they function effectively and efficiently.