---
url: "https://xcademia.com/courses/xcademia-risk-and-is-control-practitioner"
title: Xcademia Risk and IS Control Practitioner
description: "Earn XCRISC through a 5-day IT risk management programme. FAIR methodology, DORA, ISO 31000, AI risk (ISACA 2025 update). CRISC alternative UK. No MCQs."
publishedAt: "2026-04-20T06:25:41.976872+00:00"
updatedAt: "2026-04-20T11:49:03.793417+00:00"
type: course
code: "ITS-0146"
level: Expert
duration_days: "5"
track: "Risk & Continuity"
category: "IT Service, Governance & Compliance"
credential_tier: tier3
price_gbp: "4495"
---

# Xcademia Risk and IS Control Practitioner

> The XCRISC Certification Programme is the practitioner standard for IT risk managers and information systems control professionals who identify, assess, respond to, and monitor enterprise IT risk across financial services, enterprise, and regulated sector environments. Assessed on Day 5 through a supervised enterprise risk assessment and IS control design exercise. No 150-question MCQ exam. No annual CPE requirement.

## Overview

CRISC is the most respected credential for IT risk management professionals with over 46,000 holders globally. It is heavily weighted toward financial services and enterprise risk functions where connecting IT risk to business impact is a daily requirement. The CRISC exam is 150 multiple choice questions across four domains, but the real work is applying risk frameworks to complex business scenarios, designing IS controls, and reporting risk in board-level language. XCRISC builds this applied capability.

Across five instructor-led days, XCRISC covers all four CRISC domains as updated by the November 2025 ISACA CRISC job practice revision: IT Risk Identification, IT Risk Assessment, Risk Response and Mitigation, and Risk Control Monitoring and Reporting. The November 2025 update introduced AI risk assessment and AI data governance into the CRISC job practice, and XCRISC covers this in depth. Every domain is applied to realistic enterprise and financial services risk scenarios.

On Day 5, participants conduct a supervised enterprise risk assessment for a simulated organisation and design IS controls to address identified risks. A senior IT risk practitioner assesses risk identification, assessment methodology, control design, and reporting quality. An XCRISC certificate and Practitioner Assessment Report are issued. The programme is aligned with ISACA CRISC four domains (November 2025 revision), ISO 31000, NIST RMF, COBIT 2019, FAIR methodology, ISO 27005, DORA Articles 6 to 16, and Federal Reserve SR 11-7 for model risk.

## Prerequisites

- Minimum 3 years of IT risk management or information systems control experience
- Working knowledge of at least one risk framework: ISO 31000, NIST RMF, COBIT, or enterprise risk management methodology
- Understanding of IT governance concepts and audit or assurance fundamentals

## What you will learn

- Apply CRISC job practice domain methodology updated to the November 2025 revision to identify, assess, and respond to IT risks across enterprise and financial services environments
- Design IS controls aligned to COBIT 2019, ISO 27001, and risk treatment decisions including compensating controls for constrained environments
- Conduct quantitative IT risk assessments using FAIR methodology to produce board-level financial risk quantification for investment and insurance decisions
- Develop Key Risk Indicators and control monitoring frameworks to provide continuous assurance over IS control effectiveness
- Integrate AI risk assessment into enterprise IT risk programmes aligned to the November 2025 ISACA CRISC update and SR 11-7 model risk principles
- Report IT risk to board and executive audiences using FAIR-quantified scenarios, regulatory formats, and risk heat maps

## Skills you will gain

- CRISC 4 domains
- FAIR quantitative risk methodology
- IS control design and testing
- KRI and KCI development
- Control monitoring frameworks
- DORA ICT risk management
- NIS2 risk management obligations
- AI risk assessment
- Board-level risk reporting
- Three Lines of Defence model
- SR 11-7 model risk management
- Supply chain and third-party risk

## Career progression

- IT Risk Manager
- Enterprise Risk Analyst
- GRC Analyst / Manager
- Information Systems Auditor
- Risk and Compliance Manager
- Financial Services Risk Professional

## Framework alignment

- ISACA CRISC (4 domains)
- ISO 31000
- FAIR (Open FAIR)
- COBIT 2019
- NIST RMF
- DORA Articles 6 to 16
- Federal Reserve SR 11-7
- ISO 27005

## Curriculum

1. **Module 1**
2. **Module 2**
3. **Module 3**

## Exam & certification

You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.

## Delivery options

- **Live Online** — Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
- **Onsite Training** — We come to you. Training delivered at your workplace for teams of 6 or more.
- **Venue-Based** — Classroom training at a professional venue. Ideal for focused, immersive learning.
- **Blended** — Combine online and in-person learning for maximum flexibility and impact.

## Frequently asked questions

**How does XCRISC compare to ISACA CRISC?**

CRISC is a 150-question MCQ exam. Beyond the $760 exam, CRISC holders pay annual fees and must earn 120 CPE credits every 3 years. XCRISC is 5 instructor-led days covering all four CRISC domains updated to the November 2025 revision, assessed on Day 5 through a supervised enterprise risk assessment and IS control design exercise. One price. No annual fees. The Practitioner Assessment Report documents risk management and control design capability.

**Does XCRISC cover the November 2025 ISACA update?**

Yes. The November 2025 update introduced AI risk assessment and AI data governance into the CRISC job practice. Day 5 of XCRISC includes AI risk management covering ML pipeline risk, algorithmic bias as an IT risk, SR 11-7 model risk management for commercial AI, and AI vendor due diligence, reflecting the updated CRISC job practice requirements fully.

**Is XCRISC suitable for financial services professionals?**

Yes. XCRISC is particularly relevant for financial services. DORA Articles 6 to 16 impose ICT risk management requirements that map directly to CRISC domains. The programme covers DORA TLPT obligations, UK FCA operational resilience PS21/3, and regulatory risk reporting formats that financial services regulators expect.

**What is FAIR and why does XCRISC cover it in depth?**

FAIR (Factor Analysis of Information Risk) allows IT risk professionals to express risk in financial terms, not just red/amber/green ratings. Board members and CFOs respond to financial risk language. XCRISC covers FAIR from fundamentals through Monte Carlo simulation and board-presentation format: the skill that most differentiates senior risk professionals from junior risk analysts.

**What career paths does XCRISC support?**

IT Risk Manager: £60,000 to £100,000 UK. Enterprise Risk Analyst: £55,000 to £90,000. GRC Manager: £65,000 to £100,000. Financial Services Risk Professional: £70,000 to £120,000. CRISC holders in financial services command salary premiums of 20 to 30% over equivalent uncertified roles.

## Course at a glance

| Field | Value |
| --- | --- |
| Code | ITS-0146 |
| Duration | 5 days |
| Level | Expert |
| Track | Risk & Continuity |
| Category | IT Service, Governance & Compliance |
| Credential tier | tier3 |
| Price (GBP) | £4495 |

---

## About this content

This Markdown course profile is the citation-grade twin of [Xcademia Risk and IS Control Practitioner](https://xcademia.com/courses/xcademia-risk-and-is-control-practitioner). It is published by **Xcademia** (UK Companies House 12322710) and is available for AI search engines and large language models to index, summarise, and cite.

- Source: https://xcademia.com/courses/xcademia-risk-and-is-control-practitioner
- Publisher: Xcademia — https://xcademia.com
