January 31, 2012 - The number of IT professionals seeking the CRISC (Certified in Risk and Information Systems Control) certification continues to rise rapidly. More than 16,000 professionals have earned the CRISC designation since the certification was introduced just over 18 months ago. This reflects a growing need among IT professionals to attain independent affirmation of their skill sets in response to the radically changing IT and business landscape, says global nonprofit IT association ISACA.
 
“CRISC is a highly desired certification because it is the only certification that positions IT professionals for future career growth by linking IT risk management to enterprise risk management,” said Allan Boardman, CRISC, CISA, CISM, CGEIT, CA (SA), ACA, CISSP, chair of ISACA’s Credentialing Board and a risk officer at a global financial services firm.
 
Professionals across a wide range of job functions that include IT, security, audit and compliance have earned the CRISC designation since April 2010. This number includes more than 1,200 CIOs, CISOs, and chief compliance, risk and privacy officers.
 
“CRISC is the result of significant market demand for a credential that recognizes experienced risk and control professionals, a demand that will only accelerate as vocal stakeholders demand better corporate governance and business performance and more secure infrastructures in 2012,” said Boardman. “The fact that even C-level professionals are pursuing CRISC certification shows that risk management is a strategic concern.” 

Among the trends widely expected to dominate the IT landscape in 2012, ISACA has identified three that are especially critical to managing information risk: big data, the consumerization of information technology (bring your own device—BYOD) and the growing dominance of mobile devices. These trends can open the door to inadequate capacity planning and ineffective vendor management for cloud-based services. They also require IT professionals to be partners with the business on managing risk that affects all areas of the enterprise.
 
Similar to the growth of joint MIS and MBA degrees, ISACA predicts that the information systems profession will see a growing evolution away from a technology-only focus to a culture of consultants with the skills to partner with the business in using technology as an enabler.
 
“I would strongly encourage anyone with sufficient real-world IT risk and controls experience to consider the CRISC certification. CRISC makes risk professionals more valuable to organizations that recognize IT risk as a critical component of overall risk management. Becoming certified provides an additional level of assurance that you have the necessary skills and experience, and provides a sense of belonging to a select group of professionals with common interests,” said Shawna Flanders, CRISC, CISA, CISM, ACS, CSSGB, SSBB, productivity specialist at PSCU Financial Services.