Skip to Content
Press Enter

CRMA Preparation Course

Member Price: $599
Non-Member Price: $749

Format:

A Certification in Risk Management Assurance® (CRMA®) from The IIA is the only risk management assurance certification for internal auditors. Earning the CRMA helps address the impact of risk and demonstrates that you can provide assurance on core business processes in risk management and governance.

The aim of this program is to help you prepare for the CRMA exam. It closely follows the structure of the certification program and is linked to The IIA’s CRMA Study Guide and Practice Questions, 3rd Edition, which is included with this course.

Who Will Benefit?

This course will benefit internal auditors seeking an in-depth guide to prepare to take the Certification in Risk Management Assurance® (CRMA®) Exam.

Learning Objectives

  • Determine appropriate assurance and advisory services for the internal audit function with regard to risk management.
  • Determine the knowledge, skills, and competencies required (whether developed or procured) to provide risk management assurance and advisory services.
  • Evaluate organizational independence of the internal audit function and report impairments to appropriate parties.
  • Recommend establishing an organizationwide risk management strategy and processes, or contribute to the improvement of the existing strategies and processes.
  • Coordinate risk assurance efforts and determine whether to rely on the work of other internal and external assurance providers.
  • Assist the organization with creating or updating an organizationwide risk assurance map to ensure proper risk coverage and minimize duplication of efforts.
  • Evaluate the organization's governance structure and application of risk management concepts found in governance frameworks.
  • Assess the organization's application of concepts and principles found within risk and control frameworks appropriate to the organization.
  • Assess key elements of the organization's risk governance and risk culture (e.g., risk oversight, risk management, tone at the top, etc.) and the impact of organizational culture on the overall control environment and risk management strategy.
  • Evaluate management’s commitment to risk management and analyze the integration of risk management into the organization's objectives, strategy setting, performance management, and operational management systems.
  • Evaluate the organization’s ability to identify and respond to changes and emerging risks that may affect the organization’s achievement of strategy and objectives.
  • Examine the effectiveness of integrated risk management reporting (e.g., risk, risk response, performance, and culture, etc.) to key stakeholders.
  • Evaluate various approaches and processes for assessing risk (e.g., relevant measures, control self-assessment, continuous monitoring, maturity models, etc.).
  • Select data analytics techniques (e.g., ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests, benchmarking, etc.) to support risk management and assurance processes.
  • Evaluate the design and application of management’s risk identification and assessment processes.
  • Utilize a risk management framework to assess organizationwide risks from various sources (e.g., audit universe, regulatory requirements and changes, management requests, relevant market and industry trends, emerging issues, etc.).
  • Prioritize audit engagements based on the results of the organizationwide risk assessment to establish a risk-based internal audit plan.
  • Manage internal audit engagements to ensure audit objectives are achieved, quality is assured, and staff is developed.
  • Evaluate the effectiveness and efficiency of risk management at all levels (i.e., process level, business unit level, and organizationwide).
  • Analyze the results of multiple internal audit engagements, the work of other internal and external assurance providers, and management's risk remediation activities to support the internal audit function’s overall assessment of the organization’s risk management processes.
  • Assess risk management, project management, and change controls throughout the systems development lifecycle.
  • Evaluate data privacy, cybersecurity, IT controls, and information security policies and practices.
  • Evaluate risk management monitoring processes (e.g., risk register, risk database, risk mitigation plans, etc.).
  • Manage the audit engagement communication and reporting process (e.g., holding the exit conference, developing the audit report, obtaining management responses, etc.) to deliver engagement results.
  • Evaluate management responses regarding key organizational risks, and communicate to the board when management has accepted a level of risk that may be unacceptable to the organization.
  • Formulate and deliver communications on the effectiveness of the organization’s risk management processes at multiple levels and organizationwide.

Available Formats

Related Courses and Resources

On-Demand

CRMA Preparation Course

Course

ERM and Internal Audit: Anticipating and Addressing Risks in 2022

Course

Enterprise Risk Management: The Foundation for Better Organization-wide Decision Making

Course

Fundamentals of Risk-based Auditing

Learn about IIA programs and partners.

We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands.