The US branch of SMME is now Certwiz

Heard the news? As of November 1st, SMME in the United States has been rebranded as Certwiz.

We’ve kept everything you loved about SMME’s courses. We’re making some exciting changes that you’ll enjoy even more.

Want to take a look?

Yes, take me to CertwizVisit SMME BelgiumVisit SMME UAE

What is this course?

COBIT 5 for Risk is the new leading Framework for IT Risk Management from ISACA. It is based on COBIT 5 – The Framework for Governance & Management of IT.  COBIT 5 for Risk provides extensive guidance on how to build and sustain an effective IT Risk function in an enterprise; it also provides a comprehensive description of the Risk Management process with many example risk scenarios and how to use COBIT 5 to respond to them.

In this course, we discuss the COBIT 5 Framework and the COBIT 5 for Risk publication, and each step of the Risk Management process is first explained and then immediately practiced by means of an integrated case study. This part of the course will take approx. 65% of the course time.

Introduced in 2010, The Certified in Risk and Information Systems Control certification (CRISC), pronounced "see-risk," is intended to recognize a wide range of IT and business professionals for their knowledge of enterprise risk and their ability to design, implement and maintain information system (IS) controls to mitigate such risk.

In this CRISC training, we will first briefly discuss the CRISC job practice domains, and next practice a comprehensive number of exam test questions. This part of the course will take approx. 35% of the course time.

Why take it?

  • Certified in Risk and Information Systems Control certification (CRISC) training offers the necessary knowledge and skills for professionals and managers seeking for a reinforced risk management position.
  • CRISC training brings you up to date with the leading IT Risk management framework and provides you with hands-on experience
  • CRISC certification brings the essential material to IT Risk Management professionals in the five domains of knowledge (the Job Practice areas as defined by ISACA)
  • It prepares to the CRISC™ exam by reviewing all job practices, activities and knowledge requirements as defined by ISACA.

Who should attend?

The Target group for IT Risk Management is very broad and includes IT Risk professionals and management, enterprise risk management professionals and management, business managers, auditors and IT Management.

The CRISC designation is designed for:

  • IT professionals
  • Risk professionals
  • Control professionals
  • Business analysts
  • Project managers
  • Compliance professionals
  • ... and anyone responsible for managing enterprise risk through effective information systems controls

Are there any prerequisites?

There are no prerequisites for attendance. To register for the exam, individuals must provide evidence of appropriate work experience in risk management and information system control as defined by the CRISC job practice.

What courseware is provided?

Each attendee is provided with the student manual consisting of presentation slides and sample exam questions.

What does it take to get certified?

There is no exam at the end of this course.
The course prepares delegates for the CRISC examination by ISACA.

Which topics does the CRISC™ Certification cover?

The Job Practice serves as the basis for the CRISC exam and the experience requirements to earn the CRISC™ certification. This job practice consists of task and knowledge statements, organized by domains.

The following is a brief description of these domains, their definitions and approximate percentage of exam questions allocated to each area.
The Job Practice domains are as follows:

Domain 1 — Risk Management

  • Collect and review environmental risk data
  • Identify potential vulnerabilities to people, processes and assets
  • Develop IT scenarios based on information and potential impact to the organization
  • Identify key stakeholders for risk scenarios
  • Establish risk register
  • Gain senior leadership and stakeholder approval of the risk plan
  • Collaborate to create a risk awareness program and conduct training

Domain 2 – IT Risk Assessment

  • Analyze risk scenarios to determine likelihood and impact
  • Identify current state of risk controls and their effectiveness
  • Determine gaps between the current state of risk controls and the desired state
  • Ensure risk ownership is assigned at the appropriate level
  • Communicate risk assessment data to senior management and appropriate stakeholders
  • Update the risk register with risk assessment data

Domain 3 – Risk Response and Mitigation

  • Align risk responses with business objectives
  • Develop consult with and assist risk owners with development risk action plans
  • Ensure risk mitigation controls are managed to acceptable levels
  • Ensure control ownership is appropriately assigned to establish accountability
  • Develop and document control procedures for effective control
  • Update the risk register
  • Validate that risk responses are executed according to risk action plans

Domain 4 – Risk and Control Monitoring and Reporting

  • Risk and control monitoring and reporting
  • Define key risk indicators (KRIs) and identify key performance indicators (KPIs) to enable performance measurement key risk indicators (KRIs) and key performance indicators (KPIs)
  • Determine the effectiveness of control assessments
  • Identify and report trends/changes to KRIs/KPIs that affect control performance or the risk profile

The detailed CRISC Job Practice can be viewed at

Where can I book it?

CourseUpcoming DatesPriceBook
Certified in Risk and Information Systems Control (CRISC)
  • Onsite
    Choose Your Own

Course Testimonials

  • Dirk has tremendous amount of experience and has delivered the most important concepts in avery concise manner
    Mohammed Ibrahim
    11/2014 Dubai, UAE
  • Syed is very prompt and professional.
    Mohammed Ibrahim
    11/2017 Dubai, UAE
  • Charmaine took care of the logistics very well and ensured all the trainees were comfortable all through out.
    Mohammed Ibrahim
    11/2014 Dubai, UAE
  • The course members were from a variety if backgrounds which is good. Good interaction from all participants
    Dave Curran
    HSBC, Dubai
    11/2014 Dubai, UAE
  • Friendly environment, valuable information, helpful instructor. Overall I carried out a useful value with me.
    Nasser AlMejaini
    Centre of Excellence, Abu Dhabi
    11/2014 Dubai, UAE
  • Overall, the instructor was well prepared and organized and the presentation quality was high.
    Ayman Zaki
    IScore, Egypt
    11/2014 Dubai, UAE
  • The knowledge & personal insights from the instructor were impressive.
    Waqas Abbasi
    Shelf Drilling
    04/2015 Dubai, UAE
  • Charmaine was very helpful in assisting with my hotel booking as I was traveling from abroad.
    Noor I.
    BDF Royal Medical Services
    11/2012 Dubai, UAE