ISO 31000 Certified Internal Controls Risk Analyst™ (CICRA™)
Risk management is an increasingly important business driver as stakeholders have become much more concerned about risk. Risk may be a driver of strategic decisions, it may be a cause of uncertainty in the organization, or it may simply be embedded in the activities of the organization. An enterprise-wide approach to risk management enables an organization to consider the potential impact of all types of risks on all processes, activities, stakeholders, products and services. Implementing a comprehensive approach will result in an organization benefiting from what is often referred to as the ‘upside of risk’.
A successful enterprise risk management (ERM) initiative can affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of public service organizations, enhanced political and community support.
Because all information security analysis, controls, and processes are essentially a product of risk management, ISO/IEC 31000 and 27005 provides the framework for how to apply proper risk management within the ISO/IEC 27001/27002 ISMS, or within the 22301 BCMS. The CICRA credential by IRMCB certifies understanding of how ISO/IEC 31000, 31010, and 27005 can be used to develop a custom enterprise risk management program that fulfills the requirements of both ISO/IEC 27001, and ISO 22301. It also helps fulfil the competence requirements of the certifications themselves.
The CICRA credential by Certified Information Security certifies understanding of how ISO/IEC standards 31000, 31004, 31010, and 27005 can be used to develop a custom risk management methodology that fulfils the requirements of both ISO/IEC 27001, and ISO 22301. It also helps fulfil the competence requirements of the certifications themselves. Upon completion of this training and certificate program, participants will:
- be equipped with knowledge and skills required to develop, manage, monitor, and improve an Enterprise Risk Management System in line with the ISO 31000 standard of best practice;
- expand risk management competency;
- increase credibility through gaining international recognition; and
- improve particpants' résumé/CV and help to increase earning potential.
Getting IRMCB standardized training and taking certification exams
IRMCB courses are delivered by Authorized Training and Education Centers (ATECs) in standardized live and online formats. Select ATECs are also authorized to proctor exams and issue certificates.
|Authorized Training and Education Center
||Authorized for Live Instructor-Led Training
||Authorized for Web-Based Training
||Authorized exam center
|Certified Information Security