CRISC Before CISA

the_Grinchthe_Grinch Posts: 4,162Member ■■■■■■■■■■
in CISM
In August I am taking a graduate course that is all about Risk Assessments. Sadly I won't be taking the audit course until the following semester. Are there any issues with completing the CRISC before CISA? My understanding is that the CISA touches on risk, but it didn't appear like it would be something I'd need before hand.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
· Share on FacebookShare on Twitter

Comments

  • TheFORCETheFORCE Senior Member Posts: 2,297Member ■■■■■■■■□□
    According to the ISACA fact sheet below CRISC complements CISA, as in it is a little bit more specific specifically as it focuses in the risk assessments and risk mitigation. So i would try for CISA before CRISC.

    Certified in Risk and Information Systems Control (CRISC) Fact Sheet
    · Share on FacebookShare on Twitter
  • jcundiffjcundiff Posts: 486Member ■■■■□□□□□□
    You dont need CISA to do CRISC... I just passed CRISC in December without having the CISA certiification. CISA is a broad area certification like CISSP, CRISC is focused specifically on Risk and controls. At this point, with the CISSP and CRISC coupled with experience, I really dont see what the CISA would add to my stats compared to the CISM
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
    · Share on FacebookShare on Twitter
  • Mike-MikeMike-Mike Posts: 1,860Member
    aren't you required to have experience in these fields? Do you all have that kind of experience? Or are you just getting the cert hoping it leads to experience?
    Currently Working On

    CWTS, then WireShark
    · Share on FacebookShare on Twitter
  • jcundiffjcundiff Posts: 486Member ■■■■□□□□□□
    Mike-Mike wrote: »
    aren't you required to have experience in these fields? Do you all have that kind of experience? Or are you just getting the cert hoping it leads to experience?

    yes there are work experience requirements for both CRISC and CISA... CRISC is 3 years cumulative across 2 of the 4 domains, 1 of which must be domain 1 or 2. CISA I am not sure the exact requirements, but you can waive 2 or 3 years of the 5 years total.

    Both exams you have 5 years from passing the exam to acquire the experience and earn the certification
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
    · Share on FacebookShare on Twitter
  • 636-555-3226636-555-3226 Posts: 976Member ■■■■■□□□□□
    CRISC & CISA are relatively independent of each other. I wouldn't worry about what order you take them in. CRISC is a bit more "in-depth" than CISA if it makes a difference. If you want broad, do CISA first. If you want a little more in-depth, do CRISC first.
    · Share on FacebookShare on Twitter
  • the_Grinchthe_Grinch Posts: 4,162Member ■■■■■■■■■■
    Mike-Mike wrote: »
    aren't you required to have experience in these fields? Do you all have that kind of experience? Or are you just getting the cert hoping it leads to experience?

    Yup in my current position I deal with risk assessments, regulatory compliance/monitoring/reporting and risk identification for new systems.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
    · Share on FacebookShare on Twitter
  • the_Grinchthe_Grinch Posts: 4,162Member ■■■■■■■■■■
    Thanks all!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
    · Share on FacebookShare on Twitter
  • jcundiffjcundiff Posts: 486Member ■■■■□□□□□□
    the_Grinch wrote: »
    Yup in my current position I deal with risk assessments, regulatory compliance/monitoring/reporting and risk identification for new systems.


    Sounds like CRISC Domains 1(Identification) 2 (Assessment) and 4 (Monitoring and Reporting) to me. Given this information, I would definitely say take the CRISC :D
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
    · Share on FacebookShare on Twitter
Sign In or Register to comment.