How does XCRISC compare to ISACA CRISC?

CRISC is a 150 MCQ exam. Beyond the $760 exam, CRISC holders pay annual fees and 120 CPE credits every 3 years. XCRISC is 5 instructor-led days covering all four CRISC domains updated to the November 2025 revision, assessed on Day 5 through a supervised enterprise risk assessment and IS control design exercise. One price. No annual fees. The Practitioner Assessment Report documents risk management and control design capability.

Does XCRISC cover the November 2025 ISACA update?

Yes. The November 2025 update introduced AI risk assessment and AI data governance into the CRISC job practice. Day 5 of XCRISC includes AI risk management covering ML pipeline risk, algorithmic bias as an IT risk, SR 11-7 model risk management for commercial AI, and AI vendor due diligence, reflecting the updated CRISC job practice requirements fully.

Is XCRISC suitable for financial services professionals?

Yes. XCRISC is particularly relevant for financial services. DORA Articles 6 to 16 impose ICT risk management requirements that map directly to CRISC domains. The programme covers DORA TLPT obligations, UK FCA operational resilience PS21/3, and regulatory risk reporting formats that financial services regulators expect.

What is FAIR and why does XCRISC cover it in depth?

FAIR (Factor Analysis of Information Risk) allows IT risk professionals to express risk in financial terms, not just red/amber/green ratings. Board members and CFOs respond to financial risk language. XCRISC covers FAIR from fundamentals through Monte Carlo simulation and board-presentation format: the skill that most differentiates senior risk professionals from junior risk analysts.

What career paths does XCRISC support?

IT Risk Manager: £60,000 to £100,000 UK. Enterprise Risk Analyst: £55,000 to £90,000. GRC Manager: £65,000 to £100,000. Financial Services Risk Professional: £70,000 to £120,000. CRISC holders in financial services command salary premiums of 20 to 30% over equivalent uncertified roles.

Xcademia Risk and IS Control Practitioner

Name: Xcademia Risk and IS Control Practitioner
Price: 4495 GBP
Availability: InStock

5-Day Instructor-Led Programme

The XCRISC Certification Programme is the practitioner standard for IT risk managers and information systems control professionals who identify, assess, respond to, and monitor enterprise IT risk across financial services, enterprise, and regulated sector environments. Assessed on Day 5 through a supervised enterprise risk assessment and IS control design exercise. No 150-question MCQ exam. No annual CPE requirement.

Duration

5 Days

Price

$5,620

Course Overview

CRISC is the most respected credential for IT risk management professionals with over 46,000 holders globally. It is heavily weighted toward financial services and enterprise risk functions where connecting IT risk to business impact is a daily requirement. The CRISC exam is 150 multiple choice questions across four domains, but the real work is applying risk frameworks to complex business scenarios, designing IS controls, and reporting risk in board-level language. XCRISC builds this applied capability.

Across five instructor-led days, XCRISC covers all four CRISC domains as updated by the November 2025 ISACA CRISC job practice revision: IT Risk Identification, IT Risk Assessment, Risk Response and Mitigation, and Risk Control Monitoring and Reporting. The November 2025 update introduced AI risk assessment and AI data governance into the CRISC job practice, and XCRISC covers this in depth. Every domain is applied to realistic enterprise and financial services risk scenarios.

On Day 5, participants conduct a supervised enterprise risk assessment for a simulated organisation and design IS controls to address identified risks. A senior IT risk practitioner assesses risk identification, assessment methodology, control design, and reporting quality. XCRISC certificate and Practitioner Assessment Report issued. Aligned with ISACA CRISC four domains (November 2025 revision), ISO 31000, NIST RMF, COBIT 2019, FAIR methodology, ISO 27005, DORA Articles 6 to 16, and Federal Reserve SR 11-7 for model risk.

Hands-On Learning

Hands-on risk register development, FAIR quantitative risk modelling, IS control design exercises, control testing methodology design, and a supervised enterprise risk assessment and control design exercise on Day 5.

Xcademia Risk and IS Control Practitioner

Course Overview

Hands-On Learning

Mentor-Led Sessions

Career-Ready Skills

Learning Outcomes

Prerequisites

Detailed Syllabus

Domain 1 IT Risk Identification and Risk Assessment (

Module 1: IT Risk Identification

Topics Covered:

Module 2: IT Risk Assessment Methodology

Module 3: Applied Risk Assessment: Financial Services and Enterprise Scenarios

Module 4: FAIR Quantitative Risk Management in Depth

Domain 2 Risk Response, IS Control Design and Monitoring

Domain 3 AI Risk, Regulatory Compliance and Reporting Excellence

Xcademia Risk and IS Control Practitioner — Capstone Project

Framework Alignment

ISACA CRISC (4 domains)

ISO 31000

FAIR (Open FAIR)

COBIT 2019

NIST RMF

DORA Articles 6 to 16

Federal Reserve SR 11-7

ISO 27005

Skills You'll Gain

Career Progression

Ways to Learn

Live Online

Prefer a Faster, Personalised Route into IT?

Xcademia Certification Programme

Exam & Certification Information

Important Information

Frequently Asked Questions

Ready to Start Your Learning Journey?