CRISC Preparation Course

CRISC Preparation Course prepares professionals for the CRISC® certification exam through a structured review of the IT risk management and control domains, in line with the respective body of knowledge. The training consolidates concepts, models and IT Risk Management practices, supporting rigorous preparation aligned with the exam requirements.

Registration Request
Companies: request a proposal

Quick Access:   Introduction· Why this course exists· What this course enables· Frameworks and models· Value· Objectives· Target audience· Prerequisites· Programme· Exam & Certification· Other information· Benefits· Logistics· FAQs· Registration

Upcoming dates

Confirmed dates.
Synchronous, live training. Interaction with the trainer and the group.

30 March 2026
Live Online • next edition
12 May 2026
Live Online • base price
Duration: 4 days / 35h
Language: available in Portuguese or English
Training: Review + practical exercises by domain
Exam: 4h (150 questions) • not included
PROFESSIONAL LEVEL — practical application of methods in a professional context

Why this course exists

To turn IT risk into management, control and reporting decisions, with CRISC language and method.

Many organisations have corporate risk processes, but fail when they need to link IT risk to business objectives, investment decisions and consistent governance mechanisms.
CRISC exists to close this gap: a practice model that prepares professionals to design and operate IT risk management aligned with ERM, supporting resilience, value delivery and risk optimisation.

What this course enables you to do

Govern

Develop a risk governance structure aligned with organisational objectives.

Assess

Identify, analyse and evaluate IT risk to support risk-based decisions.

Respond

Determine risk response options and assess the efficiency and effectiveness of measures.

Monitor & Report

Continuously monitor and report risks and controls to relevant stakeholders.

Frameworks, models and structures addressed throughout the course

CRISC domains and professional practice
Alignment with ERM (Enterprise Risk Management)
Risk governance (roles, decision-making, accountability)
Risk assessment (likelihood, impact, criteria)
Risk response (options, selection, effectiveness)
Monitoring & reporting (KRI/KPI, control, communication)

Value for the organisation

  • Better alignment between IT risk and business objectives (risk-based decision-making)
  • Greater consistency in risk management: criteria, control, monitoring and reporting
  • Reduced ambiguity through language and practices accepted by the industry
  • Greater credibility and maturity in relation to audit, suppliers and stakeholders

Introduction

The CRISC Preparation Course is an advanced professional training course in IT risk management, designed to prepare managers and technology professionals for the Certified Risk and Information Systems Control (CRISC) exam.

Prepare for one of the essential certifications for professionals who establish, implement, monitor and evaluate enterprise IT risk management within an organisation. The CRISC Preparation Course prepares participants for the role, including supporting the organisation to increase business resilience, deliver value to stakeholders and optimise risk management.

The curriculum covers the key exam domains: Governance, IT Risk Assessment, Risk Response and Reporting and Information Technology and Security. Consolidation is achieved through discussion, practical exercises by domain and a mock exam, ensuring objective preparation aligned with the requirements of the CRISC® certification.

Resources, topics, discussion, domain-based exercises and final mock exam.

This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.

General Objectives

At the end of this course, participants will be able to:

  • Develop a governance structure for risk aligned with organisational objectives.
  • Identify the universe of IT risks in order to contribute to the execution of the IT risk management strategy in support of business objectives and in alignment with the enterprise risk management (ERM) strategy.
  • Analyse and evaluate IT risk to determine its likelihood and impact on business objectives and enable risk-based decision-making.
  • Determine risk response options and assess their efficiency and effectiveness to manage risks in alignment with business objectives.
  • Continuously monitor and report IT risks and controls to relevant stakeholders in order to ensure the ongoing efficiency and effectiveness of the IT risk management strategy and its alignment with business objectives.
  • Have a practical understanding of the main principles and concepts of technology and information security.
  • Be prepared to sit the CRISC® certification exam based on the latest professional practice areas of the certification domains.

Target Audience

  • Professionals with responsibilities in IT risk management, governance and compliance.
  • Risk Managers, IT Risk Managers, GRC Managers and ERM professionals.
  • Auditors and assurance professionals with a focus on IT risk and control.
  • Candidates for the CRISC® certification.

Prerequisites

To attend the CRISC course, it is recommended that participants:

  • Have a fundamental understanding of the different CRISC exam domains and an understanding of English (materials and exam terminology).
  • Other specific requirements may apply, where relevant, depending on the quotation/proposal presented (please consult the proposal).

Programme

Review by domains (CRISC)
  • Introduction and Course Plan
  • Governance
  • IT Risk Assessment
  • Risk Response and Reporting
  • Information Technology and Security
Exam Preparation (simulation)
  • Exam Preparation: Mock Exam

Exam(s) and Certification

Exam “CRISC®”

The CRISC certification exam is not included in the course price. Book the exam directly on the ISACA® website.

Format: Multiple choice.
Number of questions: 150 questions.
Duration: 4 hours.
Pass mark: 450 points (scale from 200 to 800).

Certification (requirements)

To achieve certification, candidates must successfully pass the CRISC® exam and meet the remaining requirements defined by ISACA, including the formal certification application process.

Other Information

General Information
  • Training in Portuguese or English.
  • Online training materials with online access, in English, with exercises by domain, and in accordance with the awarded conditions.
  • Mock exam on the last day of the training.
  • Behaviour digital Training Attendance Certificate with 24 CPD/CPE credits.
Trainer(s)

Our specialists are consultants and auditors with many years of experience in implementation, auditing and training in the most recognised best practices, methodologies, standards and frameworks in the market.
Some of our specialists work directly on improving these frameworks, methodologies and standards through their participation in technical committees as members or by performing prominent roles in major organisations worldwide, working with and supporting best-practice communities.

Our team of instructors includes professionals certified by ISACA (CISA, CISM, CGEIT, CRISC and COBIT), (ISC)2 certifications (including CISSP) and other globally recognised certifications (PMP, ISO 27001, ISO 27005, ISO 31000, ISO 22301, among others).

Benefits

View benefits
  • Standardisation of the language, concepts and practices of IT Risk Management, based on industry-accepted references, reducing ambiguity and increasing consistency in risk analysis and communication.
  • Strengthening of professional and organisational credibility with suppliers, service providers, audits and governance structures.
  • Development of practical knowledge to identify, assess, treat and monitor IT risks in real organisational contexts.
  • Solid preparation to apply the CRISC domains in real risk management contexts, going beyond a theoretical approach focused exclusively on the exam.
  • Effective support for meeting organisational and governmental requirements associated with IT risk management.
  • A pedagogical model oriented towards the effective acquisition of competencies, active participation and meaningful learning, with simultaneous focus on certification and professional applicability.

Logistics

Useful information
  • Live Online (synchronous time): 9:30–17:30 (Lisbon, GMT 0), with a lunch break and short breaks.
  • Classroom (synchronous time): 9:30–17:30 (Lisbon, GMT 0), with a lunch break and short breaks.
  • 28 hours of synchronous training, distributed across 4 consecutive days
  • Estimated 7 hours of guided autonomous work, intended for content consolidation, carried out flexibly outside the synchronous sessions
  • Requirements: computer with stable internet, browser, PDF reader, audio/video.
Hotels in Lisbon

Find out where you can stay in Lisbon, near Behaviour, for classroom training.

Frequently Asked Questions

Objective answers to additional questions about the CRISC Preparation Course.

Does this course help bridge the gap between IT risk and enterprise risk?

Yes. One of the central focuses of the course is precisely to relate IT risk to business objectives, governance, decision-making and reporting, reinforcing alignment with enterprise risk management practices.

Is this course useful for professionals already working in ERM, audit or internal control?

Yes. The course is relevant for professionals already working in risk, audit, assurance, control or governance who need to strengthen the specific IT risk and control component with CRISC language and structure.

Does the preparation include domain-based reasoning practice and not only theoretical review?

Yes. The approach includes a structured review of the domains, discussion, practical exercises by domain and a mock exam, helping participants consolidate reasoning, terminology and practical application.

Can this course be relevant for organisations seeking to strengthen IT risk governance and reporting?

Yes. The course is particularly useful when the organisation wants to improve assessment criteria, response mechanisms, monitoring, reporting and the articulation between risk, control and business objectives.

After this course, will the participant be better prepared to engage with management, audit and technical teams?

Yes. The course reinforces a common language of IT risk and control, which facilitates communication between management, audit, technology, compliance and other relevant stakeholders.

For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.

Registration

Complete the form to submit your registration request for the preferred edition. Check the upcoming dates.

Contact name
=

Request more information

If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.

Request Information

Companies: request a proposal

For team registrations, we provide volume conditions and a proposal tailored to the organisational need.

Request Proposal