CRISC Before CISA

In August I am taking a graduate course that is all about Risk Assessments. Sadly I won't be taking the audit course until the following semester. Are there any issues with completing the CRISC before CISA? My understanding is that the CISA touches on risk, but it didn't appear like it would be something I'd need before hand.

Find more posts tagged with

Comments

TheFORCE

According to the ISACA fact sheet below CRISC complements CISA, as in it is a little bit more specific specifically as it focuses in the risk assessments and risk mitigation. So i would try for CISA before CRISC.

Certified in Risk and Information Systems Control (CRISC) Fact Sheet

jcundiff

You dont need CISA to do CRISC... I just passed CRISC in December without having the CISA certiification. CISA is a broad area certification like CISSP, CRISC is focused specifically on Risk and controls. At this point, with the CISSP and CRISC coupled with experience, I really dont see what the CISA would add to my stats compared to the CISM

Mike-Mike

aren't you required to have experience in these fields? Do you all have that kind of experience? Or are you just getting the cert hoping it leads to experience?

jcundiff

Mike-Mike wrote: »

aren't you required to have experience in these fields? Do you all have that kind of experience? Or are you just getting the cert hoping it leads to experience?

yes there are work experience requirements for both CRISC and CISA... CRISC is 3 years cumulative across 2 of the 4 domains, 1 of which must be domain 1 or 2. CISA I am not sure the exact requirements, but you can waive 2 or 3 years of the 5 years total.

Both exams you have 5 years from passing the exam to acquire the experience and earn the certification

636-555-3226

CRISC & CISA are relatively independent of each other. I wouldn't worry about what order you take them in. CRISC is a bit more "in-depth" than CISA if it makes a difference. If you want broad, do CISA first. If you want a little more in-depth, do CRISC first.

the_Grinch

Mike-Mike wrote: »

aren't you required to have experience in these fields? Do you all have that kind of experience? Or are you just getting the cert hoping it leads to experience?

Yup in my current position I deal with risk assessments, regulatory compliance/monitoring/reporting and risk identification for new systems.

the_Grinch

Thanks all!

jcundiff

the_Grinch wrote: »

Yup in my current position I deal with risk assessments, regulatory compliance/monitoring/reporting and risk identification for new systems.

Sounds like CRISC Domains 1(Identification) 2 (Assessment) and 4 (Monitoring and Reporting) to me. Given this information, I would definitely say take the CRISC