5-Day Instructor-Led Programme
The XCRISC Certification Programme is the practitioner standard for IT risk managers and information systems control professionals who identify, assess, respond to, and monitor enterprise IT risk across financial services, enterprise, and regulated sector environments. Assessed on Day 5 through a supervised enterprise risk assessment and IS control design exercise — no multiple choice, no exam, no CPE renewal requirements.
Duration
5 Days
Price
$5,620
CRISC is the most respected credential for IT risk management professionals, with over 46,000 holders globally. It is heavily weighted toward financial services and enterprise risk functions where connecting IT risk to business impact is a daily requirement. The CRISC exam is 150 multiple choice questions across four domains — but the real work of CRISC professionals is applying risk frameworks to complex business scenarios, designing information systems controls, and reporting risk in board-level language. XCRISC builds this capability through practice.
Across five instructor-led days, XCRISC covers all four CRISC domains as updated by the November 2025 ISACA CRISC job practice revision: IT Risk Identification, IT Risk Assessment, Risk Response and Mitigation, and Risk Control Monitoring and Reporting. Coverage reflects the 2025 update which incorporates AI risk assessment and general best practices for risk management and mitigation related to AI data governance. Every domain is applied to realistic enterprise and financial services risk scenarios.
On Day 5, participants conduct a supervised enterprise risk assessment for a simulated organisation and design information systems controls to address identified risks. A senior practitioner with IT risk management experience assesses the quality of risk identification, assessment methodology, control design, and reporting. XCRISC certificate and Practitioner Assessment Report issued. Aligned with ISO 31000, NIST RMF, COBIT 2019, FAIR methodology, ISO 27005, and financial sector risk frameworks (DORA/PRA SS7/23 model risk guidance).
Hands-on risk register development, FAIR quantitative risk modelling, IS control design exercises, control testing methodology, and a supervised enterprise risk assessment on Day 5.
Mentor-led sessions from experienced IT risk professionals examining real risk assessment decisions, control selection trade-offs, board risk reporting, and the difference between theoretical risk frameworks and real enterprise risk management.
Identify, assess, and respond to IT risks across enterprise environments, design effective information systems controls, monitor control effectiveness, and report risk to executive and board audiences using quantitative and qualitative frameworks.
Apply CRISC job practice domain methodology to identify, assess, and respond to IT risks across enterprise and financial services environments
Design information systems controls aligned to COBIT 2019, ISO 27001, and risk treatment decisions, including compensating controls for constrained environments
Conduct quantitative IT risk assessments using FAIR methodology to produce board-level risk quantification for investment and insurance decisions
Develop Key Risk Indicators and control monitoring frameworks to provide continuous assurance over the effectiveness of IS controls
Integrate AI risk assessment into enterprise IT risk programmes aligned to the November 2025 ISACA CRISC job practice update
Report IT risk to board and executive audiences using risk heat maps, quantified risk scenarios, and regulatory risk reporting formats
Minimum 3 years of IT risk management or information systems control experience
Working knowledge of at least one risk framework: ISO 31000, NIST RMF, COBIT, or enterprise risk management methodology
Understanding of IT governance concepts and audit/assurance fundamentals
Organized by professional domains with comprehensive coverage
Master these in-demand skills through hands-on practice
A clear view of the roles this programme supports, what typically comes next, and where learners progress over time
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person
Group enrolments and early planning options available.
Custom quotes for teams and organisations
We come to you. Training delivered at your workplace for teams of 6 or more.
Custom pricing based on:
No obligation. Response within 1 business day.
Classroom training at a professional venue. Ideal for focused, immersive learning.
Custom pricing based on:
No obligation. Response within 1 business day.
Combine online and in-person learning for maximum flexibility and impact.
Timeline tailored to learner availability
Custom pricing based on:
No obligation. Response within 1 business day.
All prices are exclusive of VAT where applicable. Group enrolments and custom packages available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Credential
On successful completion of XCRISC — Xcademia Risk & IS Control Practitioner , learners receive an Xcademia Certificate of Completion. This standalone certificate is issued directly by Xcademia and recognised by employers across the UK defence and security sector.
Everything you need to know about the certification exams
You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.
Everything you need to know about this course
CRISC is a 150 multiple choice exam across four domains. Beyond the $760 exam, CRISC holders pay annual fees and 120 CPE credits every 3 years. XCRISC is 5 instructor-led days covering all four CRISC domains updated to the November 2025 ISACA revision, assessed through a real enterprise risk assessment and IS control design exercise on Day 5. One price. No renewal treadmill. The Practitioner Assessment Report documents risk management and control design capability.
Take the next step in your professional development