Escolar Documentos
Profissional Documentos
Cultura Documentos
CRISC Certification
Until 31 March 2011, IT professionals who have significant experience with risk identification, assessment, and evaluation; risk response;
risk monitoring; IS control design and implementation; and IS control monitoring and maintenance can apply for certification as a CRISC
without being required to pass the CRISC examination. To earn the CRISC designation during the grandfathering1 period, applicants are
required to:
Work Experience
In order to qualify for the CRISC certification under the grandfathering provision, an applicant must provide evidence of eight (8) or
more years of IT or business experience. Additionally, six (6) years of cumulative work experience is required performing tasks described
in the CRISC job practice (page V-2 or www.isaca.org/criscjobpractice). To demonstrate a broad range of knowledge and experience, an
applicant must also prove experience in each CRISC job practice domain. Finally, an applicant must also have a minimum of three (3)
years of cumulative experience in risk identification, assessment, evaluation, response and monitoring (CRISC domains 1, 2 and 3.)
Cumulative experience is defined as experience performing at least one task within a domain over a period (duration) of time. For
example, 3 years of cumulative work experience in CRISC domains 1, 2 and 3 (mentioned above), means that the applicant must have
performed tasks within these domains consistently during a three year period. It does not mean that this is the only work that the
applicant performed during this period.
1
randfathering is a provision whereby professionals who are highly experienced and knowledgeable in the content areas covered by CRISC can earn certification without
G
having to pass the CRISC exam. To earn the CRISC certification under the grandfathering provision the candidate is required to have additional work experience in lieu of
the exam requirement.
2
Application for CRISC Certification
Under the Grandfathering Provision
Application Process
In order to be considered for CRISC certification under the grandfathering provision an applicant must:
1. Obtain an ISACA identification (ID) number (this will be needed for your application)
2. Remit (pay) the appropriate application fee
3. Submit a completed CRISC application for certification under the grandfathering provision
ISACA ID Number
An ISACA ID and profile is required to apply for CRISC certification. Your profile will serve to provide information to ISACA that
will enable us to effectively communicate with you about the status of your application. If you are an ISACA member, you already
have an ISACA ID and profile and should carefully review the information in your profile to ensure it is current before submitting your
application.
To obtain an ID number and to create an online profile with ISACA please go to: www.isaca.org/profile.
Application Fee
The payment of an application fee is required to be considered for CRISC certification under the grandfathering provision. Your
application will not be reviewed until payment in full is received. The amount of the fee is dependent on your ISACA membership status
and the date of application. The payment amount is as follows:
Member rate Nonmember rate
Application and payment received by 31 October 2010 $495 $625
Application and payment received between 1 November 2010 and 31 March 2011 $595 $725
In order to take advantage of the ISACA member application fee you must become an ISACA member prior to submitting your
application. To join as an ISACA member please go to: www.isaca.org/membership.
To make payment for application for CRISC certification under the grandfathering provision, please go to: www.isaca.org/criscpay. The
application fees above include a non-refundable application processing fee of US $100. Applicants who withdraw their application or
who have their application denied by the CRISC Certification Committee will receive a refund less this amount.
NOTE: Your application and supporting documentation will be reviewed by the CRISC Certification Committee. You will receive
an e-mail reply when your application is received. You are encouraged to apply early for CRISC certification to take advantage of the
discounted application fee and to avoid any delays in application processing that may occur on or around the final deadline date.
In order for your application to be processed, you MUST collect and submit the application and verification of work experience forms
and mail, FAX, or e-mail to:
3
Application for CRISC Certification
Under the Grandfathering Provision
Example: If in 2007 and 2008, you worked the entire year in domains 1, 2 and 4 with this company and in 2009 you only worked in
domain 5 for the entire year for an employer, you would enter:
• Experience in domains 1-5. Enter the TOTAL number of years/months of work experience that you have performing the CRISC tasks
(V-2) in ALL five domains with this employer. Note that the total years/months of experience cannot exceed the total length of
employment with this employer.
As per the example above where in 2007 and 2008, you worked in domains 1, 2 and 4 and in 2009 you only worked in domain 5, this
would equate to 3 years of experience in domains 1-5 because you have 3 years (2007, 2008 and 2009) of experience working in 4 of the
domains. For this example, you would enter:
Using the same example above, you would have 2 years of experience (2007 and 2008) in the CRISC risk-related domains (2 years of
experience in 2 of the 3 risk related domains). For this example, you would enter:
• Repeat these steps for each employer for which you are claiming CRISC experience.
• If you are using more than 2 employers, please print out additional copies of page A-1.
• For additional instruction examples, please visit www.isaca.org/criscapp.
4
Application for CRISC Certification
Under the Grandfathering Provision
Section 2—Employment Summary
• Total IT and business experience. Add the number of total years and months of IT or business experience at for each employer. This
number must total 8 years or more to qualify.
• Total CRISC domain related experience. Add the number of total years and months of CRISC domain experience for each employer.
This number must total 6 years or more and you must have experience in ALL 5 CRISC domains to qualify.
• Total CRISC Risk domain related experience. Add the number of total years and months of experience in CRISC domains one (1), two
(2), and three (3) for each employer. This number must total 3 years or more and the experience must be in ALL 3 CRISC risk domains
to qualify.
VERY IMPORTANT: Collect and send all completed verification forms together with your signed application. DO NOT SEND THEM
SEPARATELY.
Please note that verification forms are subject to an audit. Verifiers will be contacted to confirm their completion and verification of the
work experience that they verified.
5
Application for CRISC Certification
Under the Grandfathering Provision
Applicant Information
Applicant Name_ __________________________________________________________________________ ISACA ID#_ ________________________
Last/Family Name First/Given Name Middle Initial
Enter the TOTAL number of years and months of work experience with this employer performing tasks in Experience in Domains 1-3
domains 1, 2 and 3 only. Note that the total years/months of experience cannot exceed the total length of YEARS MONTHS
employment with this employer. See instructions for an example.
Enter the TOTAL number of years and months of work experience with this employer performing tasks in Experience in Domains 1-3
domains 1, 2 and 3 only. Note that the total years/months of experience cannot exceed the total length of YEARS MONTHS
employment with this employer. See instructions for an example.
TOTAL IT and business experience: Must be 8 or more (The total IT and business experience from the employers above.)
TOTAL CRISC overall domain related experience: Must be 6 or more years of cumulative experience across all 5 CRISC domains.
TOTAL CRISC RISK-domain related experience: Must be 3 or more years of cumulative experience across domains 1, 2, and 3.
A-1
Application for CRISC Certification
Under the Grandfathering Provision
Applicant Information
Applicant Name_ __________________________________________________________________________ ISACA ID#_ ________________________
Last/Family Name First/Given Name Middle Initial
Verifier Name______________________________________________________________________________________________________________
Verifier Name______________________________________________________________________________________________________________
Verifier Name______________________________________________________________________________________________________________
Acknowledgement
I hereby apply to ISACA for certification, as Certified in Risk and I hereby agree to hold ISACA, its officers, directors, examiners,
Information Systems Control (CRISC) in accordance with and subject employees, and agents, harmless from any complaint, claim, or damage
to the procedures and regulations of ISACA. I have read and agree to arising out of any action or omission by any of them in connection with
the conditions set forth in the Application for CRISC Certification under this application; the application process; the failure to issue me any
the Grandfathering provision and CRISC Continuing Education Policy certificate; or any demand for forfeiture or redelivery of such certificate.
in effect at the time of my application, covering the certification process Notwithstanding the above, I understand and agree that any action arising
and continuing education policies. I agree to denial of Certification and out of, or pertaining to this application must be brought in the Circuit
to forfeiture of my entire application fee and redelivery of any certificate Court of Cook County, Illinois, USA, and shall be governed by the laws of
or other credential granted me by ISACA in the event that any of the the State of Illinois, USA.
statements or answers made by me in this application are false or in the
event that I violate any of the rules or regulations governing the CRISC I UNDERSTAND THAT THE DECISION AS TO WHETHER
certification program. I QUALIFY FOR CERTIFICATION RESTS SOLELY AND
EXCLUSIVELY WITH ISACA AND THAT THE DECISION OF
I authorize ISACA to make whatever inquiries and investigations it ISACA IS FINAL. I HAVE READ AND UNDERSTAND THESE
deems necessary to verify information provided by me in this application STATEMENTS AND INTEND TO BE LEGALLY BOUND BY THEM.
and my professional standing. I understand that this application and any
information or material received or generated by ISACA in connection
with my certification will be kept confidential and will not be released
unless I have authorized such release or such release is required by law. Name______________________________________________________
However, the fact that I am or am not, or have or have not been, certified Signature___________________________________________________
is a matter of public record and may be disclosed. Finally, I allow ISACA
to use information from my application for the purpose of statistical Date_______________________________________________________
analysis and to release my contact information to the ISACA chapter in (For your application to be complete you must include your name, signature and date above.)
my geographical area.
A-2
Application for CRISC Certification
Under the Grandfathering Provision
certification under the grandfathering provision. As such, my work experience in identifying, assessing, evaluating, responding to, and monitoring risk
and/or designing, implementing, monitoring, and maintaining information system controls must be independently verified by individuals knowledgeable
of my work experience (current or previous employer). If I currently or once worked as an independent consultant, I can use a knowledgeable client or
colleague to perform this role.
Please verify my risk and/or IS control-related experience as noted on my attached application form, and as described by the CRISC job practice
domains and task statements (see reverse side of form). Please return the completed form to me for my submission to ISACA. If you have any questions
concerning this form, please direct them to criscapplication@isaca.org or call +1.847.660.5660. Thank you.
____________________________________________________________ ________________________
Applicant Signature Date
Address_____________________________________________________________________________________________________________________
Street
___________________________________________________________________________________________________________________________
City State/Province/Country Postal Code
1. I have functioned in a supervisory or other related position to the applicant and can verify his/her work experience. M Yes M No M N/A
(Section 1 of the application)
2. I can attest to the duration of the applicant’s work experience on this application with my organization. M Yes M No M N/A
If no, I attest to experience from _________ to _________.
3. I can attest to the duration of the applicant’s work experience on this application prior to his/her affiliation M Yes M No M N/A
with my organization.
4. I can attest that the tasks performed by the applicant, as checked on the reverse side of this form (page V-2), M Yes M No
are correct to the best of my knowledge.
5. I can attest to the fact that the applicant is competent in performing the tasks as checked on the reverse side M Yes M No
of this form (page V-2).
6. Is there any reason you believe this applicant should not be certified in Risk and Information Systems Control M Yes M No
by ISACA?
________________________________________________________________________ _ _______________________________________________
Verifier Signature Date
V-1
Application for CRISC Certification
Under the Grandfathering Provision
Verifier Name________________________________________________________________________________________________________________
V-2
Telephone: +1.847.253.1545
Fax: +1.847.253.1443
E-mail: criscapplication@isaca.org
Web site: www.isaca.org