IT professionals, Risk professionals, Compliance professionals, Project managers, Control professionals, Business analysts.

Participants are required to have the following:
• Have a minimum of three years of cumulative work experience in IT risk and information systems (IS) control
• Work experience must be earned in at least two CRISC domains, one of which must be in either domain 1 or 2

Risk Identification Assesment and Evaluation
Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
• Identify legal,regulatory and contractual requirements and organizational policies and standards related to information system to determine their potential impact on the business objectives.
• Identify legal,regulatory and contractual requirements and organizational policies and standards related to information system to determine their potential impact on the business objectives.
• Identify potential threats and vurnerabilities for business process, associated data and supporting capabilities to

Risk Response
• Identify and evaluate risk response options and provide management with information to enable risk response decisions.
• Review Risk Response with the relevant stake holders for validation of efficiency,effectiveness and economy.
• Apply risk criteria to assist in the development of the risk profile for management approval.
• Assist in the development of risk response action plans to address risk factors identified in the organizational risk profile.
• Assist in the development of business cases supporting the investment plan to ensure that risk responses are aligned with the identified business objectives.

Risk Monitoring
• Collect and Validate data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stake holders.
• Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stake holders in their decision-making process.
• Facilitate independent risk assessments and risk management process reviews to ensure that they are perfomed efficiently and effectively.
• Identify and report on risk,including compliance,to initiate corrective action and meet business and regulatory requirements.

IS Control Design and Implementation
• Interview process owners and review process design documentation to gain an understanding of the business process objectives.
• Analyze and document business process objectives and design to identify required information system controls
• Design information systems controls in consultation wth process owners to ensure alignment with business needs and objectives.
• Facilitate the indetification of resources

IS Control Monitoring and Maintenance
• Plan,supervise and conduct testing to confirm continuous efficiency and effectiveness of information system controls.
• Collect information and review documentation to identify information systems control deficiencies.
• Review information systems policies,standards and procedures to verify that they address the organization’s internal and external requirements.
• Assess and recommend tools and techniques to automate information systems control verification processes.