Acquire the knowledge and practical preparation required to govern, assess, respond to, and report IT risk, aligning risk management with business objectives and the Enterprise Risk Management (ERM) strategy, with full focus on the CRISC® exam.
Upcoming dates
Guaranteed dates.
Synchronous training, in real time. Interaction with the instructor and the group.
Language: available in PT or ENG
Training: Review + practical exercises by domain
Exam: 4h (150 questions) • not included
PROFESSIONAL level – Practical application of methods in a professional context.
Why this course exists
To transform IT risk into management decisions, control, and reporting, using CRISC language and method.
Many organisations have corporate risk processes, but fail when they need to link IT risk to business objectives, investment decisions, and consistent governance mechanisms.
CRISC exists to close this gap: a practice model that prepares professionals to design and operate IT risk management aligned with ERM, supporting resilience, value delivery, and risk optimisation.
What this course enables you to do
Govern
Develop a risk governance structure aligned with organisational objectives.
Assess
Identify, analyse, and assess IT risk to support risk-based decision-making.
Respond
Determine risk response options and assess the efficiency/effectiveness of measures.
Monitor & Report
Continuously monitor and report risks and controls to relevant stakeholders.
Frameworks, models, and structures covered throughout the course
Alignment with ERM (Enterprise Risk Management)
Risk governance (roles, decision-making, accountability)
Risk assessment (likelihood, impact, criteria)
Risk response (options, selection, effectiveness)
Monitoring & reporting (KRI/KPI, control, communication)
Value for the organisation
- Better alignment between IT risk and business objectives (risk-based decision-making)
- Greater consistency in risk management: criteria, control, monitoring, and reporting
- Reduced ambiguity through industry-accepted language and practices
- Greater credibility and maturity with auditors, suppliers, and stakeholders
Introduction
The CRISC Preparation Course prepares candidates for one of the essential certifications for risk management professionals who establish, implement, monitor, and assess corporate IT risk management within an organisation.
The course prepares IT risk managers to perform their role, including supporting the organisation to increase business resilience, deliver value to stakeholders, and optimise risk management.
The course addresses the topics of Governance, IT Risk Assessment, Risk Response and Reporting, and Information Technology and Security. Consolidation is achieved through discussion, domain-based exercises, and a mock exam, aiming at objective preparation for the CRISC® exam.
This course is intended for managers and IT professionals with responsibilities in IT risk management who intend to take the Certified Risk and Information Systems Control (CRISC) exam. The contents cover the key domains assessed in the exam.
This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.
General Objectives
By the end of this course, students will be able to:
- Develop a risk governance structure aligned with organisational objectives.
- Identify the IT risk universe to contribute to the execution of the IT risk management strategy in support of business objectives and in alignment with the corporate risk management (ERM) strategy.
- Analyse and assess IT risk to determine likelihood and impact on business objectives and enable risk-based decision-making.
- Determine risk response options and assess their efficiency and effectiveness to manage risks in alignment with business objectives.
- Continuously monitor and report IT risks and controls to relevant stakeholders in order to ensure the ongoing efficiency and effectiveness of the IT risk management strategy and its alignment with business objectives.
- Have a practical understanding of the main principles and concepts of information technology and security.
- Be prepared to take the CRISC® certification exam based on the most recent professional practice areas of the certification domains.
Target Audience
- Professionals with responsibilities in IT risk management, governance, and compliance.
- Risk Managers, IT Risk Managers, GRC Managers, and ERM professionals.
- Auditors and assurance professionals focused on IT risk and control.
- Candidates for the CRISC® certification.
Prerequisites
To attend the CRISC course at Behaviour, it is recommended that participants have:
- Fundamental knowledge of the different CRISC exam domains, as the course is also oriented towards exam preparation and, therefore, does not constitute an introductory course to IT risk management.
- Proficiency in the English language, as the supporting documentation and study materials are provided in English, aligned with the official exam terminology.
- Other specific requirements may apply, where relevant, depending on the quotation/proposal presented (please refer to the proposal).
Programme
Block 1 — Domain review (CRISC)
- Introduction and Course Plan
- Governance
- IT Risk Assessment
- Risk Response and Reporting
- Information Technology and Security
Block 2 — Exam Preparation (simulation)
- Exam Preparation: Mock Exam
Exam(s) and Certification
“CRISC®” Exam
The CRISC certification exam is not included in the course price. Schedule the exam directly on the ISACA® website.
Format: multiple choice.
Number of questions: 150 questions.
Duration: 4 hours.
Passing score: 450 points (scale from 200 to 800).
Certification (requirements)
To achieve certification, candidates must successfully pass the CRISC® exam and meet the remaining requirements defined by ISACA, including the formal certification application process.
Other Information
General Information
- Training in Portuguese or English.
- Training materials in English, accessed online, with domain-based exercises, according to the agreed conditions.
- Mock exam on the last day of training.
- Behaviour digital Certificate of Training Attendance with 24 CPD/CPE credits.
Instructor(s)
Our specialists are consultants and auditors with several years of experience in implementation, auditing, and training in the most recognised best practices, methodologies, standards, and frameworks on the market.
Some of our specialists work directly on improving these frameworks, methodologies, and standards through their participation in technical committees as members or by holding prominent roles in major organisations worldwide, working with and supporting best practice communities.
Our instructor team includes professionals certified by ISACA (CISA, CISM, CGEIT, CRISC, and COBIT) and by (ISC)2 (including CISSP), and professionals holding other globally recognised certifications (PMP, ISO 27001, ISO 27005, ISO 31000, ISO 22301, among others).
Benefits
- Content aligned with the professional practice areas of the CRISC domains.
- Acquisition of practical knowledge in IT Risk Management.
- Use of universal language with industry-accepted practices, reducing ambiguity.
- Support for compliance with governmental and organisational requirements related to IT risk management.
- Greater organisational credibility with suppliers, service providers, and auditors.
- Pedagogical model focused on skills acquisition, participation, and meaningful learning, with emphasis on certification preparation and real-world applicability.
- Training delivered by an accredited entity (DGERT) with a management system aligned with best practices (incl. ISO 9001, DGERT requirements and NP 4512, ISO 10015).
Logistics
Useful information
- Live Online (synchronous time): 9:30–17:30 (Lisbon, GMT 0), with lunch break and short breaks.
- On-site (synchronous time): 9:30–17:30 (Lisbon, GMT 0), with lunch break and short breaks.
- Duration (13-Jan edition): 21h of synchronous sessions + 3h of guided autonomous work (exercises and content consolidation).
- Duration (16-Mar edition): 28h of synchronous sessions + 7h of guided autonomous work (exercises and content consolidation).
- Requirements: computer with stable internet, browser, PDF reader, audio/video.
Lisbon Hotels
Find out where to stay in Lisbon, near Behaviour, for on-site training.
Registration
Fill in the form to register for your preferred edition. Check the upcoming dates.
Request more information
If you require course positioning within your context (professional or organisational), contact us and we will indicate the appropriate pathway.
Companies: request a proposal
For team registrations, we provide volume conditions and a proposal tailored to organisational needs.