Certified in Risk and Information Systems Control®



Since its introduction in 2010, more than 24,000 professionals have obtained ISACA®’s Certified in Risk and Information Systems Control® (CRISC®) certification. The designation demonstrates to employers that the holder is able to identify, evaluate and manage information systems and technology risk, and help enterprises achieve their business objectives.

View Schedule

About the Certification

  • Awarded by Information Systems Audit and Control Association (ISACA)
  • Prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise

Why Choose Us

  • Active ISACA Certification Courses Provider
  • The Only CRISC Certified Course Provider in Hong Kong
  • Intensive Examination Preparation Course
  • Eligible for RTTP Reimbursement

Training Outlines

  • Domain 1 — Governance (26%)
  • Domain 2 — Risk Assessment (20%)
  • Domain 3 — Risk Response and Reporting (32%)
  • Domain 4 — Information Technology and Security (22%)

Training Highlights

  • 21-hour intensive examination preparation workshop
  • Conducted by renowned, experienced industrial expert
  • Real case study will be adopted with experience sharing
  • Eligible for 21 units of PDU / CPE

Examination Highlights

All certification exams consist of 150 multiple choice questions that cover the respective job practice areas created from the most recent job practice analysis. Candidates have up to 4 hours (240 minutes) to complete the exam.
Exam Fee for ISACA Member: US $575
Exam Fee for ISACA Non-member: US $760

Chartered Requirements

  • Successful completion of the CRISC examination
  • A minimum of at least three (3) years of cumulative work experience performing the tasks of a CRISC professional across at least two (2) of the four (4) CRISC domains is required for certification. Of these two (2) required domains, one (1) must be in either Domain 1 or 2. There are no substitutions or experience waivers.
  • Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period.


Mr. Ronald Shiflet , MSc.

  • CISSP®, PMP®, CRISC®, Prince2, ITIL Intermediate
  • 30+ years solid experience in IT, System Security, Projects and Consultation
  • Trained up thousands of IT professionals and project leaders in various industries
  • Guest lecturer in different Universities, including University of Manchester, for over 10 years