
CRISC® (Certified in Risk and Information Systems Control®)


Offered by ISACA®, the Certified in Risk and Information Systems Control® (CRISC®) certification establishes you as a risk management expert. The CRISC® training program offered by Multimatics is designed to help participants understand how to enhance their company's business resilience, deliver stakeholder value and optimize risk management across the enterprise. The training material is based on the latest edition of the CRISC® review material and is accompanied by discussions and practice-question exercises.

Multimatics is an Authorized Training Partner for the CRISC® training and certification program accredited by the ISACA®.


At the end of the program, the participants will be able to:

  1. Understand an organization's business and IT environments, organizational strategy, goals and objectives
  2. Examine potential or realized impacts of IT risk on the organization's business objectives and operations, including Enterprise Risk Management and the Risk Management Framework
  3. Understand the threats and vulnerabilities to the organization's people, processes and technology, as well as the likelihood and impact of threats, vulnerabilities and risk scenarios
  4. Understand the development and management of risk treatment plans among key stakeholders, the evaluation of existing controls and the improvement of their effectiveness for IT risk mitigation, and the communication of relevant risk and control information to applicable stakeholders
  5. Understand the alignment of business practices with risk management and information security frameworks and standards, as well as the development of a risk-aware culture and the implementation of security awareness training

The program is designed for mid-career risk and security professionals tasked with IT/IS audits.


The program is a 5-day intensive training class.


The program provided by Multimatics is delivered through interactive presentations by professional instructor(s), group debriefs, individual and team exercises, behavior modelling and role plays, one-to-one and group discussions, case studies, and projects.


Participants must have three (3) or more years of experience in IT risk management and IS control. No experience waivers or substitutions are granted.


Participants will take the CRISC® exam, which consists of 150 multiple-choice questions. They will be given 4 hours to finish the exam. Participants who pass the exam will be awarded the official Certified in Risk and Information Systems Control (CRISC®) certification from ISACA®.


  1. The Big Picture: How Risk Management Relates to Risk Governance

    1. Organizational Strategy, Goals, and Objectives
    2. Organizational Structure, Roles and Responsibilities
    3. Organizational Culture
    4. Policies and Standards
    5. Business Processes
    6. Organizational Assets
  2. Risk Governance

    1. Enterprise Risk Management and Risk Management Framework
    2. Three Lines of Defense
    3. Risk Profile
    4. Risk Appetite and Risk Tolerance
    5. Legal, Regulatory and Contractual Requirements
    6. Professional Ethics of Risk Management
  3. IT Risk Identification

    1. Risk Events (e.g., contributing conditions, loss result)
    2. Threat Modelling and Threat Landscape
    3. Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
    4. Risk Scenario Development
  4. IT Risk Analysis and Evaluation

    1. Risk Assessment Concepts, Standards and Frameworks
    2. Risk Register
    3. Risk Analysis Methodologies
    4. Business Impact Analysis
    5. Inherent and Residual Risk
  5. Risk Response

    1. Risk Treatment / Risk Response Options
    2. Risk and Control Ownership
    3. Third-Party Risk Management
    4. Issue, Finding and Exception Management
    5. Management of Emerging Risk
  6. Control Design and Implementation

    1. Control Types, Standards and Frameworks
    2. Control Design, Selection and Analysis
    3. Control Implementation
    4. Control Testing and Effectiveness Evaluation
  7. Risk Monitoring and Reporting

    1. Risk Treatment Plans
    2. Data Collection, Aggregation, Analysis and Validation
    3. Risk and Control Monitoring Techniques
    4. Risk and Control Reporting Techniques (heatmaps, scorecards, dashboards)
    5. Key Performance Indicators (KPIs)
    6. Key Risk Indicators (KRIs)
    7. Key Control Indicators (KCIs)
  8. Information Technology Principles

    1. Enterprise Architecture
    2. IT Operations Management (e.g., change management, IT assets, problems, incidents)
    3. Project Management
    4. Disaster Recovery Management (DRM)
    5. Data Lifecycle Management
    6. System Development Life Cycle (SDLC)
    7. Emerging Technologies
  9. Information Security Principles

    1. Information Security Concepts, Frameworks and Standards
    2. Information Security Awareness Training
    3. Business Continuity Management
    4. Data Privacy and Data Protection Principles
