New CRISC certification for risk professionals

The Certified in Risk and Information Systems Control (CRISC) designation from ISACA is for IT professionals who identify and manage risks through the development, implementation and maintenance of information systems (IS) controls.

A grandfathering program, through which experienced professionals can earn the certification without passing an exam, will open in April. The first CRISC exam will be administered in 2011.

ISACA established CRISC to recognize IT professionals with skills related to:

• Risk identification, assessment and evaluation
• Risk response
• Risk monitoring
• IS control design and implementation
• IS control monitoring and maintenance.

“The CRISC designation will demonstrate to employers that the certification holder is able to identify and evaluate the risks unique to a specific organization and help the enterprise accomplish its business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls,” said Urs Fischer, chair of ISACA’s CRISC Task Force. “We conducted global research and found that enterprises are becoming more risk-aware and are looking to identify professionals who possess the skills to help them protect their assets and enhance their businesses. CRISC fills a gap that exists in the marketplace.”