U.S.

POSTAGE

KELMSCOTT
PRSRT STD

PAID
BalanCe RISk
with Reward
Relationship With Other ISACA Certifications
CRISC is intended to complement ISACA’s three other certifications:
CISA®, CISM® and CGEIT ®. For example:

n While CISA is designed for IT professionals who perform independent reviews

of control design and operational effectiveness, CRISC is for IT and business

professionals to balance risk and reward. A CRISC designation will differentiate

professionals who design, implement and maintain IS controls.

implementing and maintaining information systems controls to mitigate risk.

CRISC enhances your professional recognition: In business today, risk plays

you with employers, clients and peers for your knowledge in designing,
a critical role. Almost every business decision requires IT and business
n While CISM is for individuals who manage, design, oversee and/or assess an
Last call for
enterprise’s information security, including the identification and Grandfathering
management of information security risks, CRISC is for IT professionals Applications—
whose roles encompass security, operational and compliance considerations. First Exam is
June 2011
n While CGEIT is primarily for IT and business professionals who have a
significant management, advisory or assurance role relating to the
governance of IT, including risk management, CRISC is intended for IT
and business professionals who are engaged at an operational level to
mitigate risk.

Benefits to the Enterprise

Employers can be assured that CRISC-certified professionals have the proven
experience and knowledge to help enterprises accomplish business objectives
such as:

n Effective and efficient operations

n Effective risk management
CRISC —

Rolling Meadows, Illinois 60008 USA

the Right Balance for Your Career
3701 Algonquin Road, Suite 1010
n Effective and efficient information systems controls
n Compliance with regulatory requirements

www.isaca.org
Get recognized for your knowledge
and experience in enterprise risk.
Visit www.isaca.org/crisc. www.isaca.org/crisc
 Certified in Risk and Information
WHAT is CRISC? HOW can I become CRISC certified?
Systems Control™ (CRISC™) — The Certified in Risk and Information Systems Control™ certification (CRISC™), There are two ways to become CRISC certified.
ISACA’s New Certification pronounced “see-risk,” is intended to recognize a wide range of professionals for
their knowledge of enterprise risk and their ability to design, implement and maintain Grandfathering
information system controls to mitigate such risk. Grandfathering is available through 31 March 2011. To download a grandfathering
Risk management has rapidly become a priority among IT application and for more information visit: www.isaca.org/grandfathering.
professionals. ISACA’S CRISC™ credential was created and added to CRISC is based on ISACA’s global research and frameworks including Risk IT and
Fulfill Grandfathering Requirements
the ISACA® family of credentials to address this growing market need COBIT 4.1, independent market research and input from thousands of subject The grandfathering program enables professionals highly experienced in the CRISC
for individuals who can effectively manage IT and business risks. matter experts from around the world. job practice areas to apply for the CRISC certification without taking the CRISC
exam. Professionals with eight or more years of IT or business experience can earn
WHO is CRISC for? ISACA’s CRISC designation under the grandfathering program. Candidates must
WHY CRISC? n The CRISC designation provide evidence that six of those eight years include responsibilities related to the
With the complexity of information systems, increased risks, and the need for is designed for: CRISC domains. At least three of those years must include responsibilities for risk
compliance, it is more important than ever that organizations develop, recruit and identification, assessment, evaluation, response and monitoring.
retain employees who can take a comprehensive view of information systems and IT professionals
their relationship to organizational success. Risk professionals Application and payment must be received by 31 March 2011.
Control professionals Member US $595
The CRISC designation certifies professionals who have knowledge and experience Business analysts Non-ISACA Member US $725
identifying and evaluating entity-specific risk, as well as designing, implementing, Project managers
monitoring and maintaining risk-based, efficient and effective IS controls. Compliance professionals Not a member? Join ISACA and save! www.isaca.org/join
... and anyone responsible for managing enterprise risk through effective
Those who earn the CRISC designation help enterprises to accomplish their information systems controls Pass the CRISC Exam
business objectives and benefit from the rising business demands for IT The first CRISC exam will take place 11 June 2011. To register for the exam and
professionals who understand business risk and have the technical knowledge “Enterprises around the world are continuing to become more risk-aware, and for more information visit: www.isaca.org/crisc.
to implement an appropriate IS control architecture. the CRISC designation will provide assurance to employers that professionals
First Exam, 11 June 2011 —
who earn and maintain a CRISC certification are experienced in identifying
“I believe that the CRISC certification will be the benchmark Register today! Non-ISACA
and evaluating the risks unique to their specific organization. It also helps risk Member Member
for the resources working within the risk management
and control professionals demonstrate that they have proven experience and Early registration deadline 9 February 2011 US $425 US $565
domain under the Risk, Compliance and Security Framework
abilities in designing, implementing and maintaining risk-based, efficient and Final registration deadline 6 April 2011 US $475 US $615
(RCS). Risk management and information systems control
effective information systems controls.”
are seamlessly intertwined together. They can be treated
individually but without combining them together we cannot — Urs Fischer, chair of ISACA’s CRISC Certification Committee, CISA, CRISC
“I personally believe that the CRISC will be the industry
find any convincing solution to be recommended.”
standard for risk management. I definitely do recommend
— Alay Raza, CISA, CRISC pursuing this certification.”

— Michael Peters, CISM, CRISC

G e t r e war d e d w i t h c a r e e r a d v a n c e m e n t a n d r ecoG n i t i o n . G e t c r i S c c e r t i f i e d .
 Certified in Risk and Information
WHAT is CRISC? HOW can I become CRISC certified?
Systems Control™ (CRISC™) — The Certified in Risk and Information Systems Control™ certification (CRISC™), There are two ways to become CRISC certified.
ISACA’s New Certification pronounced “see-risk,” is intended to recognize a wide range of professionals for
their knowledge of enterprise risk and their ability to design, implement and maintain Grandfathering
information system controls to mitigate such risk. Grandfathering is available through 31 March 2011. To download a grandfathering
Risk management has rapidly become a priority among IT application and for more information visit: www.isaca.org/grandfathering.
professionals. ISACA’S CRISC™ credential was created and added to CRISC is based on ISACA’s global research and frameworks including Risk IT and
Fulfill Grandfathering Requirements
the ISACA® family of credentials to address this growing market need COBIT 4.1, independent market research and input from thousands of subject The grandfathering program enables professionals highly experienced in the CRISC
for individuals who can effectively manage IT and business risks. matter experts from around the world. job practice areas to apply for the CRISC certification without taking the CRISC
exam. Professionals with eight or more years of IT or business experience can earn
WHO is CRISC for? ISACA’s CRISC designation under the grandfathering program. Candidates must
WHY CRISC? n The CRISC designation provide evidence that six of those eight years include responsibilities related to the
With the complexity of information systems, increased risks, and the need for is designed for: CRISC domains. At least three of those years must include responsibilities for risk
compliance, it is more important than ever that organizations develop, recruit and identification, assessment, evaluation, response and monitoring.
retain employees who can take a comprehensive view of information systems and IT professionals
their relationship to organizational success. Risk professionals Application and payment must be received by 31 March 2011.
Control professionals Member US $595
The CRISC designation certifies professionals who have knowledge and experience Business analysts Non-ISACA Member US $725
identifying and evaluating entity-specific risk, as well as designing, implementing, Project managers
monitoring and maintaining risk-based, efficient and effective IS controls. Compliance professionals Not a member? Join ISACA and save! www.isaca.org/join
... and anyone responsible for managing enterprise risk through effective
Those who earn the CRISC designation help enterprises to accomplish their information systems controls Pass the CRISC Exam
business objectives and benefit from the rising business demands for IT The first CRISC exam will take place 11 June 2011. To register for the exam and
professionals who understand business risk and have the technical knowledge “Enterprises around the world are continuing to become more risk-aware, and for more information visit: www.isaca.org/crisc.
to implement an appropriate IS control architecture. the CRISC designation will provide assurance to employers that professionals
First Exam, 11 June 2011 —
who earn and maintain a CRISC certification are experienced in identifying
“I believe that the CRISC certification will be the benchmark Register today! Non-ISACA
and evaluating the risks unique to their specific organization. It also helps risk Member Member
for the resources working within the risk management
and control professionals demonstrate that they have proven experience and Early registration deadline 9 February 2011 US $425 US $565
domain under the Risk, Compliance and Security Framework
abilities in designing, implementing and maintaining risk-based, efficient and Final registration deadline 6 April 2011 US $475 US $615
(RCS). Risk management and information systems control
effective information systems controls.”
are seamlessly intertwined together. They can be treated
individually but without combining them together we cannot — Urs Fischer, chair of ISACA’s CRISC Certification Committee, CISA, CRISC
“I personally believe that the CRISC will be the industry
find any convincing solution to be recommended.”
standard for risk management. I definitely do recommend
— Alay Raza, CISA, CRISC pursuing this certification.”

— Michael Peters, CISM, CRISC

G e t r e war d e d w i t h c a r e e r a d v a n c e m e n t a n d r ecoG n i t i o n . G e t c r i S c c e r t i f i e d .
 Certified in Risk and Information
WHAT is CRISC? HOW can I become CRISC certified?
Systems Control™ (CRISC™) — The Certified in Risk and Information Systems Control™ certification (CRISC™), There are two ways to become CRISC certified.
ISACA’s New Certification pronounced “see-risk,” is intended to recognize a wide range of professionals for
their knowledge of enterprise risk and their ability to design, implement and maintain Grandfathering
information system controls to mitigate such risk. Grandfathering is available through 31 March 2011. To download a grandfathering
Risk management has rapidly become a priority among IT application and for more information visit: www.isaca.org/grandfathering.
professionals. ISACA’S CRISC™ credential was created and added to CRISC is based on ISACA’s global research and frameworks including Risk IT and
Fulfill Grandfathering Requirements
the ISACA® family of credentials to address this growing market need COBIT 4.1, independent market research and input from thousands of subject The grandfathering program enables professionals highly experienced in the CRISC
for individuals who can effectively manage IT and business risks. matter experts from around the world. job practice areas to apply for the CRISC certification without taking the CRISC
exam. Professionals with eight or more years of IT or business experience can earn
WHO is CRISC for? ISACA’s CRISC designation under the grandfathering program. Candidates must
WHY CRISC? n The CRISC designation provide evidence that six of those eight years include responsibilities related to the
With the complexity of information systems, increased risks, and the need for is designed for: CRISC domains. At least three of those years must include responsibilities for risk
compliance, it is more important than ever that organizations develop, recruit and identification, assessment, evaluation, response and monitoring.
retain employees who can take a comprehensive view of information systems and IT professionals
their relationship to organizational success. Risk professionals Application and payment must be received by 31 March 2011.
Control professionals Member US $595
The CRISC designation certifies professionals who have knowledge and experience Business analysts Non-ISACA Member US $725
identifying and evaluating entity-specific risk, as well as designing, implementing, Project managers
monitoring and maintaining risk-based, efficient and effective IS controls. Compliance professionals Not a member? Join ISACA and save! www.isaca.org/join
... and anyone responsible for managing enterprise risk through effective
Those who earn the CRISC designation help enterprises to accomplish their information systems controls Pass the CRISC Exam
business objectives and benefit from the rising business demands for IT The first CRISC exam will take place 11 June 2011. To register for the exam and
professionals who understand business risk and have the technical knowledge “Enterprises around the world are continuing to become more risk-aware, and for more information visit: www.isaca.org/crisc.
to implement an appropriate IS control architecture. the CRISC designation will provide assurance to employers that professionals
First Exam, 11 June 2011 —
who earn and maintain a CRISC certification are experienced in identifying
“I believe that the CRISC certification will be the benchmark Register today! Non-ISACA
and evaluating the risks unique to their specific organization. It also helps risk Member Member
for the resources working within the risk management
and control professionals demonstrate that they have proven experience and Early registration deadline 9 February 2011 US $425 US $565
domain under the Risk, Compliance and Security Framework
abilities in designing, implementing and maintaining risk-based, efficient and Final registration deadline 6 April 2011 US $475 US $615
(RCS). Risk management and information systems control
effective information systems controls.”
are seamlessly intertwined together. They can be treated
individually but without combining them together we cannot — Urs Fischer, chair of ISACA’s CRISC Certification Committee, CISA, CRISC
“I personally believe that the CRISC will be the industry
find any convincing solution to be recommended.”
standard for risk management. I definitely do recommend
— Alay Raza, CISA, CRISC pursuing this certification.”

— Michael Peters, CISM, CRISC

G e t r e war d e d w i t h c a r e e r a d v a n c e m e n t a n d r ecoG n i t i o n . G e t c r i S c c e r t i f i e d .
 U.S. POSTAGE

KELMSCOTT
PRSRT STD

PAID
BalanCe RISk
with Reward
Relationship With Other ISACA Certifications
CRISC is intended to complement ISACA’s three other certifications:
CISA®, CISM® and CGEIT ®. For example:

n While CISA is designed for IT professionals who perform independent reviews

of control design and operational effectiveness, CRISC is for IT and business

professionals to balance risk and reward. A CRISC designation will differentiate

professionals who design, implement and maintain IS controls.

implementing and maintaining information systems controls to mitigate risk.

CRISC enhances your professional recognition: In business today, risk plays

you with employers, clients and peers for your knowledge in designing,
a critical role. Almost every business decision requires IT and business
n While CISM is for individuals who manage, design, oversee and/or assess an
Last call for
enterprise’s information security, including the identification and Grandfathering
management of information security risks, CRISC is for IT professionals Applications—
whose roles encompass security, operational and compliance considerations. First Exam is
June 2011
n While CGEIT is primarily for IT and business professionals who have a
significant management, advisory or assurance role relating to the
governance of IT, including risk management, CRISC is intended for IT
and business professionals who are engaged at an operational level to
mitigate risk.

Benefits to the Enterprise

Employers can be assured that CRISC-certified professionals have the proven
experience and knowledge to help enterprises accomplish business objectives
such as:

n Effective and efficient operations

n Effective risk management
CRISC —

Rolling Meadows, Illinois 60008 USA

the Right Balance for Your Career
3701 Algonquin Road, Suite 1010
n Effective and efficient information systems controls
n Compliance with regulatory requirements

www.isaca.org
Get recognized for your knowledge
and experience in enterprise risk.
Visit www.isaca.org/crisc. www.isaca.org/crisc
 U.S. POSTAGE

KELMSCOTT
PRSRT STD

PAID
BalanCe RISk
with Reward
Relationship With Other ISACA Certifications
CRISC is intended to complement ISACA’s three other certifications:
CISA®, CISM® and CGEIT ®. For example:

n While CISA is designed for IT professionals who perform independent reviews

of control design and operational effectiveness, CRISC is for IT and business

professionals to balance risk and reward. A CRISC designation will differentiate

professionals who design, implement and maintain IS controls.

implementing and maintaining information systems controls to mitigate risk.

CRISC enhances your professional recognition: In business today, risk plays

you with employers, clients and peers for your knowledge in designing,
a critical role. Almost every business decision requires IT and business
n While CISM is for individuals who manage, design, oversee and/or assess an
Last call for
enterprise’s information security, including the identification and Grandfathering
management of information security risks, CRISC is for IT professionals Applications—
whose roles encompass security, operational and compliance considerations. First Exam is
June 2011
n While CGEIT is primarily for IT and business professionals who have a
significant management, advisory or assurance role relating to the
governance of IT, including risk management, CRISC is intended for IT
and business professionals who are engaged at an operational level to
mitigate risk.

Benefits to the Enterprise

Employers can be assured that CRISC-certified professionals have the proven
experience and knowledge to help enterprises accomplish business objectives
such as:

n Effective and efficient operations

n Effective risk management
CRISC —

Rolling Meadows, Illinois 60008 USA

the Right Balance for Your Career
3701 Algonquin Road, Suite 1010
n Effective and efficient information systems controls
n Compliance with regulatory requirements

www.isaca.org
Get recognized for your knowledge
and experience in enterprise risk.
Visit www.isaca.org/crisc. www.isaca.org/crisc