As seems to be the case with many cert sponsors nowadays, ISACA used to stand for the Information Systems Audit and Control Association, but later changed its official name to match that acronym rather than sticking to the expanded version. ISACA remains an organization devoted to IT systems audit and governance training and certification, however, and its Certified Risk and Information Systems Control (CRISC) credential is becoming a high-value element in the audit and control realm for IT. Just recently, ISACA let current and prospective members of the association know that change is coming to the CRISC in 2015.
Particularly for government and process-oriented corporate IT, CRISC is gaining traction.
I'll summarize all the high points here, but you can find all the necessary details in this ISACA press release: "ISACA's CRISC Certification Knowledge Areas Will be Updated in 2015." These changes come from updates to what ISACA calls the job practice -- namely, those roles that CRISC holders are expected to occupy, and the tasks and activities they're most likely to undertake there -- that defines the knowledge base upon which training and certification for this credential ultimately rest.
Prior to announcing these upcoming changes -- more about which anon -- ISACA conducted a nine-month study of the roles that current CRISC holders fill, and looked at what they were actually doing in their jobs. As a result, the five domains in the body of knowledge for the current CRISC are being reduced to four in the next CRISC curriculum and exams -- namely:
Domain 1: IT Risk Identification
Domain 2: IT Risk Assessment
Domain 3: Risk Response and Mitigation
Domain 4: Risk and Control Monitoring and Reporting
According to the press release, these changes reflect: "... the expertise of nine CRISC Practice Analysis Task Force members, 25 independent subject matter expert reviewers and more than 1,400 IT risk professionals from around the world." That's a pretty sizable and extended assessment, and represents a significant hunk of work.
What does this mean to prospective CRISC candidates and current CRISC holders? Those planning to take the exam before June, 2015, must stick to the current body of knowledge, curriculum, and exam prep tools and techniques. Those planning to take the exam in June of next year (2015) or later must use the new set of knowledge domains, and the curriculum and exam prep materials that support them. Because the ISACA exams are given in June and December of each year, that means the next batch of test-takers (December 2014) sticks to the old regime, and anybody planning to take the exam after that hews to the new regime instead.
Those in need of explanation or motivation to put CRISC in its proper context might appreciate these further words from the afore-linked press release:
One of four globally recognized certifications from ISACA, CRISC was found to be the highest-paying certification in the Global Knowledge 2014 IT Skills and Salary Survey. It is tied for fifth highest-paying certifications in the most recent Foote Partners IT Skills and Pay Index™ and was named the Best Professional Certification Program by SC Magazine in 2013.