🎯 CRISC Exam Prep
Free, independent ISACA CRISC exam-preparation with a signed certificate. Learn the four risk domains, pass the exam.
Last updated: June 2026
An independent, free exam-preparation course that walks through ISACA's publicly published CRISC job-practice domains — Governance, IT Risk Assessment, Risk Response & Reporting, and Information Technology & Security. It uses visual lessons, real risk scenarios, original self-check questions and a 45-question final exam to build exam-ready understanding of enterprise and IT risk governance, risk identification and analysis, risk and control ownership, control design and testing, KRIs/KCIs/KPIs and risk reporting, plus the technology, security and resilience concepts a risk practitioner must master. It is awareness/prep only — not ISACA's official CRISC review manual or the licensing exam — and claims no ISACA affiliation or endorsement. It maps to ISACA CRISC (4 domains). The course is organized into 22 modules, ending with a final exam (pass mark 80%). It is independent, free exam-preparation training — not an official or accredited review course.
What you'll learn
- CRISC at a Glance: Role, Domains & Exam
- Domain 1 — Organizational Governance
- Risk Governance & ERM
- Risk Appetite, Tolerance & Risk Profile
- Policies, Standards, Procedures & Culture
- Domain 2 — Risk Identification
- Threat Modeling & Vulnerability Management
- Risk Scenario Development
- Risk Analysis: Likelihood & Impact
- Business Impact Analysis (BIA)
- Risk Register & Inherent vs Residual Risk
- Domain 3 — Risk Response Options
- Risk & Control Ownership
- Third-Party, Vendor & Supply-Chain Risk
- Control Design & Selection
- Control Testing & Effectiveness
- Issues, Exceptions & Action Plans
- KRIs, KCIs & KPIs
- Risk Monitoring & Reporting
- Domain 4 — Technology, SDLC & Data Lifecycle
- Information Security Principles
- Resilience, Emerging Tech & Exam Strategy
Learning objectives
- Map the four CRISC domains and their official exam weightings (Governance 26%, Risk Assessment 22%, Risk Response & Reporting 32%, Technology & Security 20%).
- Explain enterprise and risk governance: strategy, structure, culture, policies, the three lines of defense and ERM.
- Build risk profiles and apply risk appetite and risk tolerance to real decisions.
- Identify IT risk using threat modeling, vulnerability management and scenario development.
- Analyze risk with business impact analysis, risk registers and inherent versus residual risk.
- Select and justify risk response options and assign clear risk and control ownership.
- Design, select and test controls, and manage issues and exceptions.
- Define and monitor KRIs, KCIs and KPIs and report risk to the right stakeholders.
- Apply technology, security, data-lifecycle, resilience and emerging-technology concepts to risk.
- Réussir un examen de 45 questions (80 % pour obtenir votre certificat).