Pass the CRISC® exam on the first attempt

The ISACA Certified in Risk and Information Systems Control® (CRISC®) qualification is awarded to individuals who identify and manage risks through the development, implementation and maintenance of information systems (IS) controls. Launched in 2010, CRISC is internationally recognised and held by over 30,000 IT professionals worldwide.

The CRISC Exam Preparation course is an on-demand four-day instructor-led classroom session that provides a comprehensive revision programme for the key job practice knowledge domains and exam preparation exercises designed to ensure that delegates pass the exam on the first attempt. The course provides intensive revision for the challenging CRISC exam, moving you closer to achieving the known benefits of CRISC certification such as higher earning potential and career advancement.

  • Length: 4 days
  • Level: Advanced
CRISC Exam Prep agenda

CRISC core curriculum

This course provides the core CRISC competencies required by professionals planning to sit the CRISC exam and prepares you for the exam systematically and comprehensively. The program mirrors the examination structure and covers four CRISC job practice domains:

  • Domain 1: Governance. The content area for this domain will represent approximately 26% of the CRISC examination – 39 questions.
  • Domain 2: IT Risk Assessment. The content area for this domain will represent approximately 20% of the CRISC examination – 30 questions.
  • Domain 3: Risk Response and Reporting. The content area for this domain will represent approximately 32% of the CRISC examination – 48 questions.
  • Domain 4: Information Technology and Security. The content area for this domain will represent approximately 22% of the CRISC examination – 33 questions.

The percentages indicate the emphasis of questions on the exam paper. During the course, you will cover the following aspects for each Domain:

  • Definition
  • Objectives
  • Task and knowledge statements
  • Practice exam questions

The study program includes:

  • An initial CRISC knowledge assessment
  • Classroom presentations of key topics
  • Individual/team exercises and discussion sessions
  • Final exam preparation with example practice questions

Who should attend?

  • CSOs, CISOs and CIOs
  • Risk managers
  • Security auditors
  • Compliance personnel
  • Information security managers
  • Information security assurance providers
  • Information security staff
  • Security professionals

The CRISC exam

To earn a CRISC certification, candidates must pass the CRISC test with a score of at least 450 (out of a possible 800) and have at least five years of professional experience in IT risk management, assurance, or control. This experience must have been gained within the ten years preceding the application date for certification.

The CRISC examination uses a multiple-choice format and consists of one long 4-hour session (240 minutes) with 150 questions. The examination tests the candidate’s knowledge of Information System audit principles and practices, as well as technical content areas.

ISACA uses and reports scores on a common scale from 200 to 800.
  • A candidate must receive a score of 450 or higher to pass.
  • A score of 800 represents a perfect score with all questions answered correctly.
  • A score of 200 represents the lowest score possible and signifies only a small number of questions were answered correctly.


The exam is not taken during this training course. The exam session needs to be booked directly on the ISACA website. My personal training experience shows that delegates have the highest chance of success if they sit the exam approximately two to four weeks after completing the training course.


    A-B-C of Risk Culture

    IT Risk in the Risk Hierarchy

    I&T Risk Scenario development process

    Risk scenario components

    Control Category Interdependencies

    Risk Response Prioritization options

    Additional materials


    Exam Simulator

    After 20 years in IT, and more than 10 years since I passed the CRISC® exam, I’ve decided to give something back to the community. I hope you will find this free exam simulator valuable when studying for the CRISC® exam.

    Review Manual

    A copy of the current CRISC® Review Manual is essential (in theory) for any exam candidate. Unless you already have your copy, you can purchase the CRISC® Review Manual on the official ISACA CRISC website.
    ISACA store


    The “Questions, Answers & Explanations (QAE) Manual” was publicly available a few years ago (definitely, when I was taking the CRISC® exam). Its purpose was to guide and assist question writers, making them more skilled in writing exam questions.

    The Risk IT Framework 2nd Edition

    The MOST important publication, which MUST be read before the CRISC® exam.

    The Risk IT Framework offers a structured, systematic methodology for enterprise-wide risk management, which is the backbone of the entire CRISC® exam.

    Together with “The Risk IT Practitioner Guide”, both publications were the most important books that I read before the exam. IMHO they are even more important than the Review Manual itself.

    ISACA website

    The Risk IT Practitioner Guide 2nd Edition

    The MOST important publication, which MUST be read before the CRISC® exam.

    The Risk IT Practitioner Guide contains practical and more detailed guidance on how to accomplish some of the activities described in the process model, which is the backbone of the entire CRISC® exam.

    Together with the “Risk IT Framework”, both publications were the most important books that I read before the exam. IMHO they are even more important than the Review Manual itself.

    ISACA website

    The ISACA Glossary

    People taking the ISACA exam are generally quite experienced, so it may sound like a joke or an easy way to “fill the gaps” on the website, so UX design is better 🙂

    However, believe me, after passing more than 200 exams, I can say that each organization/certification body has its “flavours” and sometimes slightly different definitions of common topics. So it’s valuable to at least take a glimpse at a glossary once.

    ISACA Glossary

    Mind map

    For self-learning

    Mind Map


    Mirek is a highly skilled IT trainer with very wide knowledge in many IT areas. Courses with him are never boring, always rich in many practical (...)

    Grzegorz Morawski ★ PRINCE2, OCE Expert, OCP JavaSE 6, MCT

    While attending an M_o_R training course I met Mirek, a trainer with a passion for sharing knowledge and experience. An amazing person who, in IT topics (...)

    Norbert Tomczyk ★ M_o_R

    The extensive PRINCE2 material was presented by Mirek in an interesting way, within the short time of a three-day training course. It helps to organise knowledge, not (...)

    Michal Wojtalewicz ★ PRINCE2

    I had the pleasure of participating in Agile PM® Foundation training led by Miroslaw Dabrowski. Mirek added a lot of practical knowledge based on real (...)

    Piotr Karpiesiuk ★ PRINCE2, ITIL Intermediate, AgilePM Practitioner

    It’s the first time I have met such an enthusiastic and engaged trainer. Mirek has really good contact with students. Connecting it with his deep - practical (...)

    Maciej Rodak ★ PRINCE2 Practitioner

    An excellently delivered training course on the AgilePM methodology. Intensive because of the large amount of material, but at the same time interesting and thoroughly covered. (...)

    Training with Mirek was amazing and I truly recommend him as a trainer. He is an IT enthusiast with extensive technology knowledge and great interpersonal and communication skills.

    Jakub Matusiak ★ AgilePM Practitioner, PRINCE2, Oracle SOA, SAP Certified Developer

    I had the pleasure of attending a Professional Scrum Product Owner (PSPO-I) course run by Mirek. I found him to be a thoughtful and knowledgeable (...)

    Mirek trained me for the AgilePM exam. I'll put it this way: the knowledge proved useful not only in the exam but also in my work as an IT Project Manager.

    Marta Markiewicz ★ PMP, AgilePM

    This course is part of our ISACA Examination Preparation Programme, which is designed to provide intensive and complete preparation to help delegates pass the CISA, CISM, CGEIT or CRISC exams.
