HomeCoursesCRISC Exam Prep

🎯 CRISC Exam Prep

Free, independent ISACA CRISC exam-preparation with a signed certificate. Learn the four risk domains, pass the exam.

Last updated: June 2026

An independent, free exam-preparation course that walks through ISACA's publicly published CRISC job-practice domains — Governance, IT Risk Assessment, Risk Response & Reporting, and Information Technology & Security. It uses visual lessons, real risk scenarios, original self-check questions and a 45-question final exam to build exam-ready understanding of enterprise and IT risk governance, risk identification and analysis, risk and control ownership, control design and testing, KRIs/KCIs/KPIs and risk reporting, plus the technology, security and resilience concepts a risk practitioner must master. It is awareness/prep only — not ISACA's official CRISC review manual or the licensing exam — and claims no ISACA affiliation or endorsement. It maps to ISACA CRISC (4 domains). The course is organized into 22 modules, ending with a final exam (pass mark 80%). It is independent, free exam-preparation training — not an official or accredited review course.

What you'll learn

  • CRISC at a Glance: Role, Domains & Exam
  • Domain 1 — Organizational Governance
  • Risk Governance & ERM
  • Risk Appetite, Tolerance & Risk Profile
  • Policies, Standards, Procedures & Culture
  • Domain 2 — Risk Identification
  • Threat Modeling & Vulnerability Management
  • Risk Scenario Development
  • Risk Analysis: Likelihood & Impact
  • Business Impact Analysis (BIA)
  • Risk Register & Inherent vs Residual Risk
  • Domain 3 — Risk Response Options
  • Risk & Control Ownership
  • Third-Party, Vendor & Supply-Chain Risk
  • Control Design & Selection
  • Control Testing & Effectiveness
  • Issues, Exceptions & Action Plans
  • KRIs, KCIs & KPIs
  • Risk Monitoring & Reporting
  • Domain 4 — Technology, SDLC & Data Lifecycle
  • Information Security Principles
  • Resilience, Emerging Tech & Exam Strategy

Learning objectives

  • Map the four CRISC domains and their official exam weightings (Governance 26%, Risk Assessment 22%, Risk Response & Reporting 32%, Technology & Security 20%).
  • Explain enterprise and risk governance: strategy, structure, culture, policies, the three lines of defense and ERM.
  • Build risk profiles and apply risk appetite and risk tolerance to real decisions.
  • Identify IT risk using threat modeling, vulnerability management and scenario development.
  • Analyze risk with business impact analysis, risk registers and inherent versus residual risk.
  • Select and justify risk response options and assign clear risk and control ownership.
  • Design, select and test controls, and manage issues and exceptions.
  • Define and monitor KRIs, KCIs and KPIs and report risk to the right stakeholders.
  • Apply technology, security, data-lifecycle, resilience and emerging-technology concepts to risk.
  • Réussir un examen de 45 questions (80 % pour obtenir votre certificat).