Is ISACA's 'IT Risk Fundamentals' something I should attempt before CRISC? + free online resources?

dphiri002

Hi everyone, 

So I'm new to the platform, came across it while doing my research on the CRISC exam and the best way to prepare for it through a blog post on InfoSec. 

I am coming from a 2 year stint in a big 4 firm though I was placed mostly in Internal Audit assignments for external clients and found myself on track to start getting ready to study my CIA. However after leaving that environment and reassessing my personal career desires, I would like to attempt the CRISC exam because prior to this work experience, most of my career has been drenched in IT support, DB admin and some programming work (I have a BSc in CompSci). This really doesn't have me feeling like I have the right foundational risk-related knowledge to hop right into CRISC study and ace on first attempt without acquiring ISACA's 'IT Risk Fundamentals Certificate' at least so that I jump into it from there. 

For those that have passed the CRISC exam and/or the IT Risk Certification, would it be something you'd recommend I go through first, before attempting CRISC? (Aside from the fact that it'd also look great on my CV). Funds are really tight right now, and I honestly see myself being able to sit for either Q1-Q2 next year barring study time and available resources, are there any free resources that could help me prep in the mean time as I get the funds together to access official study material as well as process exam registration? 

UnixGuy

I'm not familiar with IT Risk cert, and it really depends on your background

Do you feel that CRISC contents are too hard? are you familiar with some of them? 

Having internal audit experience you're already ahead of the game for CRISC. Use the ISACA Q&A DB and see how you go, only you can know if you have enough background for it or not.

Alternatively, some people do CISA before CRISC/CISM

dphiri002

It's just a Fundamentals cert that ISACA offers sort of to get your feet wet before diving into CRISC I guess. The CRISC content I'm definitely getting understanding of the more I browse through and like you mentioned, having had the experience, I definitely get most concepts and how they apply, I just feel with IT background, the Risk space takes a whole lot more getting used to in a way. Once I have the funds to, will definitely access ISACA Q&A DB and see how well I do. I'm not keen on CISA, mostly because I really feel CRISC really aligns with where I want my career to go (Risk/Compliance rather than audit), though for now I'm interested in free resources online that would give me a feel of what CRISC is like or at least have me cycling through practice questions/tests to get my mind oiled. Still looking to get into my next role as far as employment goes, so not much mind-oiling currently. Any leads? 

UnixGuy

The Q&A reflect the difficulty of the exam itself so this will really help you know if it's a good idea. Do the Q&A over and over, and go over the weak areas, this way you will know when you're ready

E Double U

As someone that likes to just shoot for the moon, I completely disregard "gateway" or stepping stone certifications. I would rather just go for the one that I really want which is usually the one higher in demand. My vote is to skip getting your feet wet and just dive right in. 

I am not aware of any free resources for any ISACA offerings. I am currently studying for CRISC the same way I did for CISM and CISA which is reading the latest ISACA review manual and then jumping into the QAE database.