< Back

Risk-Management : Internal Auditing : Professional Certification :  

Exam Syllabus for Global Risk Management Certification Released

Cyndi Plamondon
Vice President of Professional Certifications
Institute of Internal Auditors

The Institute of Internal Auditors (IIA) has released the exam syllabus for its brand new Certification in Risk Management Assurance  (CRMA). The CRMA exam will be offered in English next year via computer-based testing at more than 400 locations worldwide. The IIA is also extending the deadline to December 31, 2012 for some North American CRMA candidates to submit documentation of applicable professional experience in substitution of taking the exam.

Although the CRMA exam is primarily for internal auditors who wish to hone their risk management assurance and consulting skills, it requires an in-depth understanding of the broad spectrum of effective risk management. Other risk managers, management, and board members also may benefit from earning the CRMA.

“It’s essential that internal auditors and risk management professionals have a thorough understanding of best practices in risk management so they can provide their organization and audit committees assurance that the entity’s risk management processes in place are sound, complete, and cover all key risks,” said IIA Vice President of Professional Certifications Cyndi Plamondon, CIA, CCSA, CGAP, CFSA, CRMA. “Earning the CRMA will help candidates demonstrate they have the skills and knowledge needed to provide that assurance.”

The CRMA core exam will require candidates to correctly answer 100 questions covering four domains of knowledge within a two-hour testing period. Additionally, candidates must successfully pass Part 1  of the Certified Internal Auditor (CIA) exam, which tests their knowledge of the basic concepts of risk and controls, as well as the International Professional Practices Framework. The CRMA is The IIA’s first specialty exam to include Part 1 of the CIA as an exam component.

For candidates who wish to apply documented experience in lieu of testing, the Professional Experience Recognition (PER) period has been extended to all North American members until December 31, 2012. In order to participate in this extended offer, you must be an active North American member and complete a CRMA application online through our Certification Candidate Management System (CCMS) before December 31, 2012.  You will have until January 31, 2013 to complete your supporting documentation and submit it to The IIA.

For candidates planning to take the exam, the syllabus outlines four domains of knowledge the CRMA covers to assess candidates’ comprehensive understanding of risk management. “These first two domains look at how risk management processes are aligned with strategic objectives,” said Plamondon. “They also focus on internal and external factors that can impact the quality of risk management efforts significantly.”

The CRMA explores the objectives of risk management processes and addresses the organization’s risk culture, capacity, appetite, and tolerance. It also covers the ethical environment, tone at the top, the organizational and governance structure, decision-making processes, and expectations of internal and external stakeholders. According to the exam syllabus, obtaining the CRMA designation requires broad knowledge of risk identification, analysis, monitoring, mitigation, and reporting, as well as an in-depth understanding of the importance of linking objectives to strategic initiatives.

The third and fourth domains of the CRMA exam syllabus focus specifically on risk management roles appropriate for internal auditors. In regard to assurance, internal auditors must be able to effectively assess the management and reporting of key risks. They should provide assurance that those risks have been evaluated adequately, and they should attest to the effectiveness of the risk management processes that are in place.

The CRMA exam also tests the candidate's consulting abilities in regard to advocating the establishment of risk management, developing a risk management strategy for board approval, and creating and maintaining a risk management framework. Successful CRMA candidates are well equipped to facilitate risk identification and evaluation, assist management in responding to risks, recommend risk management activities, and consolidate risk reporting.

“Although it’s impossible to ensure 100 percent of the down-side risks are mitigated, the lack of an effective risk management program can leave an organization vulnerable,” explains Plamondon. “In order for CRMA professionals to assure the effectiveness of an organization's risk management program, they must have acquired the risk management knowledge and skills necessary to help an organization hold risk at bay.”

The CRMA syllabus is available on The IIA's website.
The Institute of Internal Auditors (IIA) is internationally recognized as a trustworthy guidance-setting body. Serving members in 165 countries, The IIA is the internal audit profession's global voice, chief advocate, recognized authority, acknowledged leader, and principal educator.

About Us Editorial

© 2019 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY