1. COBIT 5 for Risk Overview

• Overview of COBIT 5 framework
  • Detailed overview of COBIT 5 for Risk, and its components
  • Governance vs. Management of IT Risk
  • IT Risk Management Principles
  • Applying COBIT 5’s seven enabler model to IT Risk Management
  • Risk Appetite, Risk Capacity and Risk Tolerance
  • Generic and detailed IT Risk Scenario
  • Processes: EDM 3 Governance of Risk and APO 12 Manage Risk
  • Risk and Controls Matrix
• Why should you choose COBIT 5 for Risk

2. Implementing or (re)-aligning your IT Risk Management Program: the COBIT 5 for Risk way

• Overview of ISO 31000:2009, Risk management – Principles and guidelines
• IT Risk Management program challenges
• Critical success factors of a successful an IT Risk Management Program
• Assessing your IT Risk Management needs
• Enabling change using a life cycle approach
• (Re)-aligning your IT Risk Management initiatives using COBIT 5 for Risk:
  • Risk Identification, Assessment and Evaluation
  • Risk Reporting
  • Risk Monitoring
  • Information Systems Controls Design and Implementation
  • Information Systems Monitoring and Maintenance

• IT Risk Practitioners
• Chief Risk officers (CROs)
• Enterprise Risk managers
• IT Risk Managers
• CISO or Information Security Managers
• IT Audit and Assurance professionals
• Other IT Risk Management professionals

• Gain a detailed understanding of COBIT 5 for Risk  professional guidelines
• Familiarise or refresh with COBIT 5 framework and its components
• Understand the differences between governance and management of IT Risk.
• Develop the knowledge and skills required to advise organisations on best practices in governance and management of IT risk
• Acquire the necessary insights to support an organisation in implementing, managing and improving an IT Risk Management program
• Understand components of COBIT 5 for Risk guidance that can help you integrate with your Enterprise Risk Management Framework, compliant with ISO 31000 Principles and Generic Guidelines on Risk Management.

A recent white paper issued by the Australian chapters of global IT association ISACA highlights the potential for security breaches and major technology disasters at leading Australian organisations, with 60% of IT professionals stating they do not believe all IT-related risks are being effectively managed. Furthermore, 64% of IT professionals believe the risk culture at their organisation is either moderately effective or not effective at all.

There is a common misperception in the industry that IT risks only include security-related IT risks, despite there being a range of different scenarios and potential IT issues that should be considered.” Organisations must relate IT risks to business goals and keep the business engaged to create support and executive involvement to address these challenges.

ISACA’s COBIT® 5 for Risk offers comprehensive guidance on management and governance of IT Risk.

This course provides introductory and practical coverage of all aspects of COBIT 5 for Risk, including its components, enablers and implementation guidance. Using relevant scenario or case study, this course will highlight how COBIT 5 for Risk can be used in parts or holistically in a simple and pragmatic way.

CRISC Certified in Risk and Information Systems Control 

The fee includes:

• Course workbook
• Official ISACA text: CRISC Review Manual
• 12  month online access to Official ISACA text: CRISC Review Questions, Answers & Explanations Manual Supplement

The CRISC Exam 

The CRISC exam is set, conducted and marked by ISACA.  All exams will be conducted online via computer-based testing centres around the world.

Exam vouchers via ALC

You can book your CRISC exam direct with ISACA (see below) or else you can purchase an exam voucher via ALC (we are an ISACA Accredited Channel Partner) and have both course and exam on the one invoice.

If you want to purchase via ALC please make sure, when making your online registration, that you indicate “CRISC Course + Exam” in the COMMENTS field and that you choose the PAY BY INVOICE option (do not select the PAY BY CARD option).

The voucher will be issued to you at the end of the course together with full instructions as to how to register for the exam. Please note that the actual exam registration is done direct with ISACA using the voucher code issued to you.

For more information on how to register for an ISACA exam, please refer to the exams page on the ISACA website.

Pre-requisites

So as to obtain the ISACA CRISC Certification, the following requirements must be met:

• Pass the CRISC Exam (ALC’s Training course provides full preparation to successfully pass the exam)
• Have the relevant full-time work experience* in the CRISC Job Practice Areas
• Submit the CRISC Certification Application including Application Processing Fee

Exam NOT included in course fees. You must register directly with ISACA^®

This course provides intensive revision across all 4 CRISC job practice domains.

Domain 1 — Governance

• Key Risk Concepts
• Organisational Strategy, Goals and Objectives
• Organisational Structure, Roles and Responsibilities
• Organisational Culture and Assets
• Policies, Standards and Business Process Review
• Risk Governance Overview
• Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
• Risk Profile, Risk Appetite and Risk Tolerance
• Professional Ethics, Laws, Regulations and Contracts

Domain 2 – IT Risk Assessment

• Risk Events
• Threat Modelling and Threat Landscape
• Vulnerability and Control Deficiency Analysis
• Risk Scenario Development
• Risk Assessment Concepts, Standards and Frameworks
• Risk Register
• Risk Analysis Methodologies
• Business Impact Analysis
• Inherent, Residual and Current Risk

Domain 3 – Risk Response and Reporting

• Risk and Control Ownership
• Risk Treatment/Risk Response Options
• Managing Risk from Processes, Third Parties and Emergent Sources
• Control Types, Standards and Frameworks
• Control Design, Selection and Analysis
• Control Implementation, Testing and Effectiveness Evaluation
• Risk Treatment Plans
• Data Collection, Aggregation, Analysis and Validation
• Risk and Control Monitoring and Reporting Techniques
• Metrics

Domain 4 – Information Technology and Security

• Enterprise Architecture
• IT Operations Management
• Project Management
• Enterprise Resiliency
• Data Life Cycle Management
• System Development Life Cycle
• Emerging Technologies

Final Session – CRISC Sample Exam Questions

The CRISC certification is designed for:

• IT professionals
• Risk professionals
• Compliance professionals
• Project managers
• Control professionals
• Business analysts

For organisations, employing CRISC professionals brings great benefits such as

• Build greater understanding about the impact of it risk and how it relates to the overall organisation;
• Assure development of more effective plans to mitigate risk; &
• Establish a common perspective and language about it risk that can set the standard for the enterprise

With a growing demand for professionals with risk and control skills, it is a great time to gain a globally recognised certification in this field. Becoming CRISC certified will:

• Demonstrate your knowledge and expertise in risk management.
• Increase your value within your organisation.
• Provide a gateway to more strategic level roles.
• Maintain your high level of professionalism through continuing professional education.

Propel your career with CRISC certification and build greater understanding of the impact of IT risk and how it relates to your organisation.

CRISC is now one of the most highly sought-after qualifications. It is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

This course has been designed to comprehensively cover the full CRISC syllabus and to prepare you for a first-time pass in the CRISC exam.