The document provides tips and guidance for preparing for the Certified in Risk and Information Systems Control (CRISC) exam over a 5-month period. It recommends establishing why you want to pursue the CRISC certification, setting goals for each certification domain, and monitoring your progress. Sample goal-setting templates are provided. The document also outlines the CRISC exam format and content, recommended study materials, and a sample 5-month study plan schedule. Tips include congratulating yourself in advance and maintaining focus through prayer and goal reminders placed in visible locations.

1. 5–Month
Prep Guide
|Prepared by: Wale Micaiah|
Certified in Risk and
Information Systems
Controls

2. Having successfully attempted CISM and excelled, it became
necessary to share with others some tips I personally
practiced that aided my success.
I shared them in CismPrepGuide I received tremendous
feedbacks, with several downloads, assisted quite a number
responding to questions on grey areas and contributing my
best to help them get certified.
My philosophy is:
When you find something that
works, share with others so
they don’t go through the
troubles you went through.
(http://www.slideshare.net/statisense/cismprepguide)

3. The first and most important thing to do before paying for
the exam is to establish the reason(s) “why CRISC” among
all the Risk exams! Ask yourself:
Why CRISC?
Is it a job requirement?
Is it for career advancement?
Is it just for professional development
Is it just another conquest?
The stronger your conviction “why CRISC”, the more you
will “find excuse for your excuses” when you start
preparing for the exam…trust me, you will have reasons
not to study and practice but if your “why CRISC” is
stronger, you will always find time to study!

4. Take some time to establish
“why CRISC”
CRISC
“If there is no reason to start, you
will soon find reason to stop!”

5. So this year, I attempted CRISC on June 14, 2014, about 45
days later (precisely July 29, 2014) I got this:
…We are pleased to inform you
that you PASSED the exam…
…Again, congratulations on passing the CRISC exam, we look
forward to having you join the more than 16,000 professionals
worldwide who have earned the CRISC credential.
Even though it was a great feeling, it didn’t come to me much
as a surprise…because I had followed some rudimentary
elements of the Psychology of Success coupled with my work
experience, preparation, practice and prayer – yes, I prayed!
…and this is my desire for you too….that ISACA may be
pleased to inform you that you ‘PASSED’ CRISC!

6. Introduction to CRISC
The CRISC certification, CRISCTM, pronounced “see-risk,” is
designed for IT professionals who have hands-on
experience with:
 risk identification, assessment and evaluation;
 risk response;
 risk monitoring;
 IS control design and implementation; and
 IS control monitoring and maintenance.
Content of the CRISC Exam
The CRISC exam measures an individual’s ability and
knowledge as they pertain to the performance of the CRISC
task statements. The content of the exam is modified to
reflect changes in technology and practices.

7. CRISC Domains
# DOMAIN % DESCRIPTION
1
Risk Identification,
Assessment and
Evaluation
31
Identify, assess and evaluate risk to enable the execution
of the enterprise risk management strategy.
2 Risk Response 17
Develop and implement risk responses to ensure that
risk factors and events are addressed in a cost-effective
manner and in line with business objectives.
3 Risk Monitoring 17
Monitor risk and communicate information to the
relevant stakeholders to ensure the continued
effectiveness of the enterprise’s risk management
strategy.
4
Information Systems
Control Design and
Implementation
17
Design and implement information systems controls in
alignment with the organization’s risk appetite and
tolerance levels to support business objectives.
5
Information Systems
Control Monitoring
and Maintenance
18
Monitor and maintain information systems controls to
ensure that they function effectively and efficiently.
The percentages listed above with the domains indicate the emphasis or
percentage of questions that will appear on the exam from each domain.

8. 200 Multiple-Choice
Questions – 4hours
1 Question – 72Secs
(1min:12Secs)
A candidate must receive
a scaled score of 450 or
higher to pass the exam
Some questions are
included for research and
analysis purposes only
CRISC QUESTIONS PER DOMAIN
Domain 1: 62 Domain 3: 34 Domain 5: 36
Domain 2: 34 Domain 4: 34

9. STUDY MATERIALS
 Official ISACA Study materials – Review Manual and
past Questions & Answers
 The Risk IT Framework
 The Risk IT Practitioner Guide
 COBIT 5
Make some more investment - you will need them!
See www.isaca.org/criscbooks

10. ADDITIONAL STUDY MATERIALS
Here are some of the
additional materials I
used for my CRISC
preparation.
ISACA Study Materials
were my primary and I
refer to these when
necessary

11. STUDY PLANMonth
1 2 3 4 5Week
1
DOMAIN 12
3
4 Review & Practice
5
DOMAIN 26
7
8 Review & Practice
9
DOMAIN 310
11
12 Review & Practice
13
DOMAIN 4
14
15
16 Review & Practice
17
DOMAIN 518
19
20 Review & Practice
EXAMINATION WEEK
Consult your reference
materials as you study
Remember, this is just a guide! Success is not only in
the PLAN but its EXECUTION!

12. Each CRISC Domain is divided into:
 Task statements and
 Knowledge Statements
STUDY PLAN EXECUTION
Task Statements:
These are tasks within
this job practice area
that a CRISC candidate
must know how to
perform
Knowledge Statements:
These are areas a CRISC
candidate must have good
understanding of, they are
the basis for the
examination.
The Knowledge Statements are the basis for the exam!

13. STUDY RECOMMENDATION
 You may start with the Domain you are most familiar with,
but I prefer to start from Domain 1 as they build on one
another.
 Read the Task Statements (TS) and Knowledge Statements
(KS) before reading the rest of the Chapter. You may print
it out from the recent CRISC Exam Candidate Guide
document.
 The TS, KS is your CRISC Syllabus! TS and KS are the
measurement of your understanding of each Domain. Be
sure you understand what you are required to know in
each KS.
 Next, read the Questions corresponding with each
Domain with special attention to understanding the
Questions and logic behind it. For now, do not bother
about getting the answers correctly.

14. STUDY RECOMMENDATION
 Take note of words like MOST, LEAST, BEST, FIRST,
PRIMARILY, MAIN, MUST, HIGHEST, GREATEST, PRIMARY,
LOWEST, PRIORITY, MAJOR, EXCLUSIVELY, and NEXT.
They are very, very, very vital!
 Refer to other materials of choice, if you need to seek
more clarification.
 You should be able to connect the Review Manual with
the TS and KS before proceeding to the next
section/chapter.
 Go through the CRISC Item Development Guide. It will
help you know how Professionals think when setting
exam questions.
 Stick to what works for you. You know when you
understand better – Morning, Afternoon, Night, with
Music, Low Noise, Library, Room, Public places, etc.
CONTD.

15. PART I – Risk Management
and Information System Control
Theory and Concepts consists of
the 5 Chapters, each dedicated to
one of the 5 CRISC Domains
PART II – Risk Management
and Information Systems Control
in Practice contains selected
process-specific chapters.
PART I PART II
STUDY RECOMMENDATION
CRISC
REVIEW MANUAL
I suggest you complete Part
I before going on to II

16. Do YOU have a goal for this
exam?
What is it?
A goal keeps you Focus, on a
Mark!
Let’s see how we can set a
GOAL!
WHAT’S YOUR CRISC GOAL?

17. I had a goal of the score I want to achieve in CRISC
during preparation, and I wrote it down. In fact, I
placed it where I could see it every time, many
times, everyday!
GOAL SETTING
I went a step further, I set a goal for each DOMAIN,
and I monitor my performance at every practice to
ensure I meet those goals.
Most people set goal, but they don’t take time to
measure (monitor) their goal.
What gets measured (monitored), gets done!

18. I monitor my performance by keeping a small jotter, I
recorded my performance in each domain and appraised
them against previous perfomance. See Samples
GOAL SETTING

19. Keeping those records kept me on track,
particularly when I did not perform to expectation.
Sometimes, I surpassed my goals and other times I
fall short (sad face) but the records gave me an
idea of where I was at every time per Domain.
GOAL SETTING
“Even though it was a great feeling, it didn’t come to
me much as a surprise…because I had followed
some rudimentary elements of the Psychology
of Success coupled with my work experience,
preparation, practice and prayer – yes, I prayed!”
Remember what I said earlier:

20. Again, remember that ISACA does not go by your
raw score – it is a common scale score of 200 to
800. Also, there are some questions that are just
for Research and Analysis purpose – no mark is
awarded to them (I assume).
So, you might want to set your goal higher than
usual…the most important thing is that you work
towards whatever PASSING goal you have set!
GOAL SETTING
“Those who Set Goals, Score Goals”

21. CONGRATULATE YOURSELF
One last thing I did was to congratulate myself
ahead of time – I pasted this where I could see it
daily: I pasted it where my CRISC goal
was and I saw it every time,
many times, everyday.
It ‘convinced’ my
subconscious mind to accept
the ‘congratulations’, and
today it is real!
ISACA and several people said congratulations,
by mail, SMS, even on Social Media.

22. As you prepare for this or other
exams, all I can say is:
May the Goal you
have Set and Work
towards be a reality!
Congratulations!

23. Reference:
- www.isaca.org
- CRISC-Exam-Candidates-Guide-English-2013
Analysis by: Wale Micaiah
e: wm@walemicaiah.com
w. www.statisense.com