The role of Governance, Risk and Compliance (GRC), in general, is to implement policies that safeguard and protect a company from risks and threats, to have a process for identifying oncoming threats, and to improve overall business efficiency. The need for a robust GRC function has become more apparent than ever. In the recent past, there have been several instances of full-blown corporate scandals that have thrown the business world into a tizzy, emphasising the need for devoted GRC professionals and for CFOs who have a fair understanding of GRC and of what to look for in the ideal GRC candidate. GRC certifications help showcase commitment to quality and demonstrate professional expertise within an organisation. Here we explore the most popular GRC certifications.
What: The Certified in Risk and Information Systems Control (CRISC) certification from ISACA is currently one of the most valuable GRC certifications within the IT domain. It gives certified IT professionals knowledge of managing IT and enterprise risk. A CRISC-certified person often oversees the development, implementation and maintenance of information system (IS) controls designed to improve security and manage risk.
To become CRISC certified, one requires a minimum of three years' work experience in IT risk and information systems covering at least two of the four domains listed below, must adhere to the ISACA Code of Professional Ethics, and must comply with the CRISC Continuing Education Policy. Eligible professionals are required to sit an exam of 150 questions covering four domains to receive the certification:
- IT Risk Identification
- IT Risk Assessment
- Risk Response and Mitigation
- Risk and Control Monitoring and Reporting
Cost: The exam costs $575 for ISACA members and $760 for non-members.
What: The Governance, Risk and Compliance Professional (GRCP) certification is offered by the global non-profit group, OCEG. It is intended to act more like a foundation for more advanced GRC qualifications. Professionals prepare for the exam through the ‘GRC Fundamentals’ video course or a two-day training program conducted by OCEG. Only candidates who successfully pass the GRCP can enroll for the higher-level GRC Audit certification. The GRCP certification gives a basic understanding of the following:
- Functioning & operation of the core GRC disciplines like auditing and risk
- GRC capability model and its elements: Learning, Alignment, Performance and Review
- Key GRC controls and functions, to be utilised to deploy a holistic strategy
Cost: The 100-question exam is free for holders of the OCEG All Access Pass, which is priced at $395 (auto-renewal) or $495 (no auto-renewal). The pass gives access to all live and archived webinars, OCEG Standards, Guides and Resources, eLearning programs, and the exam.
What: The CGEIT (Certified in the Governance of Enterprise IT) certification from ISACA is targeted at professionals specifically managing IT governance in companies. A CGEIT certification gives the candidate the necessary expertise to manage and advance an enterprise’s IT governance, an understanding of how to optimise enterprise IT systems and IT risk management.
To become CGEIT certified, a minimum of five years' work experience in enterprise IT governance is required, of which at least one year should have been spent defining, implementing and managing a governance framework. Candidates are also expected to follow the ISACA Code of Professional Ethics and the CGEIT Continuing Education Policy.
The CGEIT exam comprises 150 questions over four hours, covering five domains:
- Framework for the Governance of Enterprise IT
- Strategic Management
- Benefits Realization
- Risk Optimization
- Resource Optimization
Cost: The exam costs $525 for ISACA members and $760 for non-members.
What: The Information Technology Infrastructure Library (ITIL) certifications cover the ITIL framework, which describes best practices for creating, implementing and managing IT service projects. Candidates are required to begin with the basic-level ITIL Foundation and gradually move up the ladder to the popular ITIL Expert and then to ITIL Master. This qualification gives a deep understanding of best practices across the whole ITIL service lifecycle.
To achieve the ITIL Expert qualification, the candidate must first complete the ITIL Foundation certification successfully or a Bridge qualification equivalent, and then acquire at least 17 credits per the ITIL Credit System. From here, the professional is required to take an approved training course and pass the Managing Across the Lifecycle (MALC) exam.
Cost: Training + exam costs vary among vendors, but are usually in the range of $1,800 for online training to $5,000 for classroom training.
What: The CRMA certification offered by the Institute of Internal Auditors (IIA), a global authority on auditing in the financial services industry, focuses on imparting knowledge of internal auditing and of evaluating, analysing and mitigating risk related to core business processes. A CRMA certification is valuable, and a professional holding it is considered a trusted advisor to senior management and to members of the audit committees of large companies.
To become CRMA certified, the candidate must hold either a three-year post-secondary degree (or higher), or two years of post-secondary education plus five years of internal auditing experience, or seven years of internal auditing experience. In addition, professionals need to furnish proof of at least two years of auditing experience or control-related business experience in risk management or quality assurance, and a character reference signed by a supervisor or by a person holding an IIA certification. Candidates are also required to provide proof of identification and agree to abide by the IIA's Code of Ethics.
The examination is a 100-question multiple-choice test administered through Pearson VUE.
Cost: The exam costs $380 for IIA members and $495 for non-members.
What: The PMI-RMP certification is offered by the Project Management Institute (PMI) to IT professionals who handle large projects or work in complex environments, and who assess and identify project-based risks and design and implement mitigation plans to counter them.
To become PMI-RMP certified, the candidate must hold either a high school diploma with at least 4,500 hours of project risk management experience and 40 hours of project risk management education, or a four-year bachelor's degree with a minimum of 3,000 hours of project risk management experience and 30 hours of relevant education.
The examination, consisting of 170 multiple-choice questions, covers the following five domains:
- Risk Strategy and Planning
- Stakeholder Engagement
- Risk Process Facilitation
- Risk Monitoring and Reporting
- Perform Specialized Risk Analyses
Cost: The PMI-RMP certification costs $520 for PMI members and $670 for non-members.
The six GRC certifications described here serve as indicators of a professional's knowledge and management ability in governance, risk and compliance. Whether the end goal for a CFO is to gain core knowledge of GRC, to understand how to improve control of IT systems, or to safeguard the business against risk, gaining a GRC certification benefits organisations, small and large alike, by laying the groundwork for a robust, foolproof GRC process.