Getting certified in CRISC
Certified in Risk and Information Systems Control, also known as CRISC, from ISACA is a known certification for risk specialists. Students who follow this course enhance their understanding of the impact of IT risk and identify how it relates to any organization. The following domains are covered in CRISC.
- Domain 1 - Governance. (26%)
- Domain 2 - IT Risk Assessment. (20%)
- Domain 3 - Risk Response and Reporting. (32%)
- Domain 4 - Information Technology and Security. (22%)
A percentage is shown behind each domain. This gives an indication of the size of the domain that is being treated. You could also deduce from this approximately how many questions will be asked per domain during the exam. I did not take this into account while learning. To pass the CRISC exam I used a number of resources.
Resources
Resource 1: CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, 2nd Edition
The book is very compact at just over 200 pages. The four domains of CRISC are all covered. After the first two domains I stopped reading the book. This is because I then started doing the questions from the ISACA question book (Resource 2). For example, I noticed that I could not answer questions from domain 1 (Governance) of the question book with the material from this book. I did go through the practice questions from the book so that I had some extra practice material. If I didn’t know the answer to a question, I could try to look it up in this book or on the internet. I expected more from this book, which is why I started looking for alternative resources.
Resource 2: CRISC Questions, Answers and Explanations, 6th Edition
This book is, in my opinion, expensive, and it was even cheaper when bought on Amazon. You probably understand that I bought the book there and not at ISACA. The book has 600 questions spread over the 4 domains. One domain has more questions than the other; this is probably based on the percentages linked to the different domains. These questions are not actual exam items but are intended to provide CRISC students with an understanding of the type and structure of questions and content. With a subscription you could also submit the questions digitally at ISACA itself. But you pay more for that than for this book itself. The choice of whether to go for a digital version or paper version depends entirely on whether you think it is worth it. I thought the questions themselves were very good. For each question there was an explanation as to why an answer was right or wrong. Overall, I found this to be the best resource while learning CRISC.
Resource 3: CRISC - Certified in Risk & Information System Control (Hemang Doshi)
I have often come across posts on the internet that recommend Hemang Doshi’s book. Price-wise it would even be one of the better deals. I saw the book for a reasonable price on Amazon. However, nowhere could I see how the content was laid out and with the experience of the All-in-One study guide I was not quickly inclined to buy an extra book. Coincidentally, I came across his CRISC Exam Study website, which largely contains his entire book digitally. Some paragraphs were missing, but a lot of material was available. In addition, there were practice questions next to each paragraph, which made learning easy. In addition to the ISACA question book, I recommend this as a resource to study for the CRISC exam.
Exam
The exam consists of 150 questions spread over the 4 domains. You have a total of 4 hours to answer these questions. This is approximately 38 questions per hour that need to be answered. You understand that you have enough time to read and answer the questions. While practicing the questions, I noticed that reading often went too fast and that I had overlooked an essential word. During the exam itself, I forced myself to read the question twice before going through the answers and then the question again. The 4 hours is more than enough and with this tactic I even had plenty of time left.
If I could give you a tip for the exam, it would be to read the question carefully and make sure you understand the question well before you answer it.