عراب ال IT 
امتحانات دوليه
Certified in Risk and Information Systems Control
About the Certification
This is a globally recognized professional certification offered by ISACA, focusing on Information Technology (IT) Auditing, Governance, Risk Management, and Compliance.
It is designed to prepare professionals to evaluate technical controls, audit information systems, and ensure the security, reliability, and integrity of information within organizations. The certification is considered one of the strongest credentials worldwide in IT Audit and Governance, validating expertise in assessing controls, managing IT-related risks, and supporting sound governance and decision-making at the enterprise level.
Main Curriculum
The curriculum is divided into four main domains
- Governance
-
- Principles of risk management governance
- Aligning IT risks with business objectives
- Organizational roles and responsibilities
- Integrating risk management into decision-making
- IT Risk Assessment
-
- Identifying information systems risks
- Risk analysis and evaluation
- Assessing threats and vulnerabilities
- Defining risk appetite
- Risk Response and Mitigation
-
- Selecting risk treatment strategies
- Designing and implementing controls
- Risk reduction, transfer, or acceptance
- Aligning controls with business requirements
- Risk and Control Monitoring and Reporting
-
- Monitoring control effectiveness
- Key Risk Indicators (KRIs)
- Risk reporting to management
- Continuous improvement of risk management
Exam Details
- Exam code: CISA
- Duration: 240 minutes
- Number of questions: 150
- Question types: Multiple-choice + scenario-based questions
- Language: English
- Passing score: 450 out of 800
- Exam fee: USD 575–760 (may vary by country and may include taxes)
- Certification Maintenance The certification does not expire automatically Requires 20 CPE credits annually, totaling 120 CPE credits over 3 years Annual maintenance fee applies
Do I need certifications before it ?
No prerequisites are required.
However, to be officially certified, candidates must have: Five years of professional experience in IT Audit or related fields
(A portion of this requirement may be waived through approved certifications or academic education.)
Which certifications are recommended after this one ?
Not mandatory.
However, if you are seeking a strong career path in IT Risk Management and Information Systems Governance especially in risk identification, assessment, control design, and business decision support the Certified in Risk and Information Systems Control (CRISC) certification is the strongest option.
What are the main career uses of the CRISC certification ?
- CISM – Transitioning from risk management into information security management and governance.
- CISA – Linking risk management with IT auditing and information systems assurance.
- Enterprise Risk Management (ERM) – Deepening expertise in enterprise-wide risk management and strategic alignment.
- GRC (Governance, Risk & Compliance) – Working in governance, compliance, and regulatory risk roles.
- Cyber Risk & Security Strategy – Aligning IT risk with cybersecurity strategy.
- Risk Leadership / CRO Track – Advancing into leadership roles such as Risk Manager or Chief Risk Officer.
Your Path Toward IT Risk Management Excellence :
This is a powerful certification for professionals responsible for managing IT-related risks and supporting executive decision-making. It equips you to connect IT risks with strategic business objectives, design effective controls to reduce impact, and build resilience making it a key credential for careers in IT Risk Management, GRC, and Business Resilience.
Who is this certification suitable for ?
- IT Auditors or Internal Auditors.
- Professionals working in Governance, Risk & Compliance (GRC).
- Security or Risk Analysts.
- IT Managers or Consultants.
- Anyone interested in governance, auditing, and IT risk management.