5–MonthPrep Guide

|Prepared by: Wale Micaiah|

Certified in Risk and Information Systems

Controls

Having successfully attempted CISM and excelled, it became

necessary to share with others some tips I personally

practiced that aided my success.

I shared them in CismPrepGuide I received tremendous

feedbacks, with several downloads, assisted quite a number

responding to questions on grey areas and contributing my

best to help them get certified.

My philosophy is:

When you find something that

works, share with others so

they don’t go through the

troubles you went through.(http://www.slideshare.net/statisense/cismprepguide)

The first and most important thing to do before paying for

the exam is to establish the reason(s) “why CRISC” among

all the Risk exams! Ask yourself:

Why CRISC?

Is it a job requirement?

Is it for career advancement?

Is it just for professional development

Is it just another conquest?The stronger your conviction “why CRISC”, the more you

will “find excuse for your excuses” when you start

preparing for the exam…trust me, you will have reasons

not to study and practice but if your “why CRISC” is

stronger, you will always find time to study!

Take some time to establish

“why CRISC”

CRISC

“If there is no reason to start, you

will soon find reason to stop!”

So this year, I attempted CRISC on June 14, 2014, about 45

days later (precisely July 29, 2014) I got this:

…We are pleased to inform you

that you PASSED the exam……Again, congratulations on passing the CRISC exam, we look

forward to having you join the more than 16,000 professionals

worldwide who have earned the CRISC credential.

Even though it was a great feeling, it didn’t come to me much

as a surprise…because I had followed some rudimentary

elements of the Psychology of Success coupled with my work

experience, preparation, practice and prayer – yes, I prayed!

…and this is my desire for you too….that ISACA may be

pleased to inform you that you ‘PASSED’ CRISC!

Introduction to CRISCThe CRISC certification, CRISCTM, pronounced “see-risk,” is

designed for IT professionals who have hands-on

experience with:

risk identification, assessment and evaluation;

risk response;

risk monitoring;

IS control design and implementation; and

IS control monitoring and maintenance.

Content of the CRISC ExamThe CRISC exam measures an individual’s ability and

knowledge as they pertain to the performance of the CRISC

task statements. The content of the exam is modified to

reflect changes in technology and practices.

CRISC Domains# DOMAIN % DESCRIPTION

1Risk Identification, Assessment and Evaluation

31Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.

2 Risk Response 17Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.

3 Risk Monitoring 17

Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s risk management strategy.

4Information Systems Control Design and Implementation

17Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.

5Information Systems Control Monitoring and Maintenance

18Monitor and maintain information systems controls to ensure that they function effectively and efficiently.

The percentages listed above with the domains indicate the emphasis or percentage of questions that will appear on the exam from each domain.

200 Multiple-Choice Questions – 4hours

1 Question – 72Secs (1min:12Secs)

A candidate must receive a scaled score of 450 or higher to pass the exam

Some questions are included for research and

analysis purposes only

CRISC QUESTIONS PER DOMAINDomain 1: 62 Domain 3: 34 Domain 5: 36

Domain 2: 34 Domain 4: 34

STUDY MATERIALS Official ISACA Study materials – Review Manual and

past Questions & Answers The Risk IT Framework The Risk IT Practitioner Guide COBIT 5

Make some more investment - you will need them!

See www.isaca.org/criscbooks

ADDITIONAL STUDY MATERIALS

Here are some of the additional materials I used for my CRISC preparation.

ISACA Study Materials were my primary and I

refer to these when necessary

STUDY PLANMonth

1 2 3 4 5Week

1

DOMAIN 123

4 Review & Practice5

DOMAIN 2678 Review & Practice

9

DOMAIN 3101112 Review & Practice

13

DOMAIN 4141516 Review & Practice

17

DOMAIN 518

1920 Review & Practice

EXAMINATION WEEK

Consult your reference materials as you study

Remember, this is just a guide! Success is not only in

the PLAN but its EXECUTION!

Each CRISC Domain is divided into: Task statements and Knowledge Statements

STUDY PLAN EXECUTION

Task Statements:These are tasks within this job practice area

that a CRISC candidate must know how to

perform

Knowledge Statements:These are areas a CRISC

candidate must have good understanding of, they are

the basis for the examination.

The Knowledge Statements are the basis for the exam!

STUDY RECOMMENDATION You may start with the Domain you are most familiar with,

but I prefer to start from Domain 1 as they build on one

another.

Read the Task Statements (TS) and Knowledge Statements

(KS) before reading the rest of the Chapter. You may print

it out from the recent CRISC Exam Candidate Guide

document.

The TS, KS is your CRISC Syllabus! TS and KS are the

measurement of your understanding of each Domain. Be

sure you understand what you are required to know in

each KS.

Next, read the Questions corresponding with each

Domain with special attention to understanding the

Questions and logic behind it. For now, do not bother

about getting the answers correctly.

STUDY RECOMMENDATION Take note of words like MOST, LEAST, BEST, FIRST,

PRIMARILY, MAIN, MUST, HIGHEST, GREATEST, PRIMARY,

LOWEST, PRIORITY, MAJOR, EXCLUSIVELY, and NEXT.

They are very, very, very vital!

Refer to other materials of choice, if you need to seek

more clarification.

You should be able to connect the Review Manual with

the TS and KS before proceeding to the next

section/chapter.

Go through the CRISC Item Development Guide. It will

help you know how Professionals think when setting

exam questions.

Stick to what works for you. You know when you

understand better – Morning, Afternoon, Night, with

Music, Low Noise, Library, Room, Public places, etc.

CONTD.

PART I – Risk Management

and Information System Control Theory and Concepts consists of

the 5 Chapters, each dedicated to one of the 5 CRISC Domains

PART II – Risk Management

and Information Systems Control in Practice contains selected

process-specific chapters.

PART I PART II

STUDY RECOMMENDATIONCRISC

REVIEW MANUAL

I suggest you complete Part

I before going on to II

Do YOU have a goal for this

exam?

What is it?A goal keeps you Focus, on a

Mark!

Let’s see how we can set a

GOAL!

WHAT’S YOUR CRISC GOAL?

I had a goal of the score I want to achieve in CRISCduring preparation, and I wrote it down. In fact, Iplaced it where I could see it every time, manytimes, everyday!

GOAL SETTING

I went a step further, I set a goal for each DOMAIN,and I monitor my performance at every practice toensure I meet those goals.

Most people set goal, but they don’t take time to measure (monitor) their goal.

What gets measured (monitored), gets done!

I monitor my performance by keeping a small jotter, Irecorded my performance in each domain and appraisedthem against previous perfomance. See Samples

GOAL SETTING

Keeping those records kept me on track,particularly when I did not perform to expectation.Sometimes, I surpassed my goals and other times Ifall short (sad face) but the records gave me anidea of where I was at every time per Domain.

GOAL SETTING

“Even though it was a great feeling, it didn’t come to

me much as a surprise…because I had followed

some rudimentary elements of the Psychology

of Success coupled with my work experience,

preparation, practice and prayer – yes, I prayed!”

Remember what I said earlier:

Again, remember that ISACA does not go by yourraw score – it is a common scale score of 200 to800. Also, there are some questions that are justfor Research and Analysis purpose – no mark isawarded to them (I assume).

So, you might want to set your goal higher thanusual…the most important thing is that you worktowards whatever PASSING goal you have set!

GOAL SETTING

“Those who Set Goals, Score Goals”

CONGRATULATE YOURSELFOne last thing I did was to congratulate myselfahead of time – I pasted this where I could see itdaily: I pasted it where my CRISC goal

was and I saw it every time,many times, everyday.

It ‘convinced’ my subconscious mind to accept

the ‘congratulations’, and today it is real!

ISACA and several people said congratulations, by mail, SMS, even on Social Media.

As you prepare for this or other

exams, all I can say is:

May the Goal you

have Set and Work

towards be a reality!

Congratulations!

Reference:- www.isaca.org

- CRISC-Exam-Candidates-Guide-English-2013

Analysis by: Wale Micaiah

e: wm@walemicaiah.com

w. www.statisense.com