Certification in Risk Management Assurance® (CRMA®)

The CRMA is the only risk management assurance certification for internal auditors. It was specifically developed to provide the in-depth organizational knowledge and advanced skill sets required to provide adequate risk management assurance to audit committees and executive management.

Earning the CRMA will enable you to:

• Assure core business processes in risk management and governance.
• Educate management and the audit committee on risk and risk management concepts.
• Offer quality assurance and control self-assessment.
• Add value to your organization as a trusted advisor.

Internal Audit Roles and Responsibilities

Roles and Competencies:

1. Determine appropriate assurance and consulting services for the internal audit activity about risk management.
2. Determine the knowledge, skills, and competencies required (whether developed or procured) to provide risk management assurance and consulting services.
3. Evaluate organizational independence of the internal audit activity and report impairments to appropriate parties.

Coordination:

1. I recommend establishing an organization-wide risk management strategy and processes or contributing to improving the existing strategy and processes.
2. Coordinate risk assurance efforts and determine whether to rely on the work of other internal and external assurance providers.
3. Assist the organization with creating or updating an organization-wide risk assurance map to ensure proper risk coverage and minimize duplication of efforts.

Risk Management Governance:

Governance, Risk Management, and Control Frameworks

1. Evaluate the organization's governance structure and application of risk management concepts found in governance frameworks.
2. Assess the organization's application of concepts and principles found within risk and control frameworks appropriate to the organization.
3. Assess key elements of the organization's risk governance and culture (e.g., risk oversight, risk management, tone at the top, etc.) and the impact of organizational culture on the overall control environment and risk management strategy.

Risk Management Integration:

1. Evaluate management’s commitment to risk management and analyze the integration of risk management into the organization's objectives, strategy setting, performance management, and operational management systems.
2. Evaluate the organization’s ability to identify and respond to changes and emerging risks that may affect the organization’s achievement of strategy and objectives.
3. To key stakeholders, examine the effectiveness of integrated risk management reporting (e.g., risk, risk response, performance, culture, etc.).

Risk Management Assurance:

Risk Management Approach

1. Evaluate various approaches and processes for assessing risk (e.g., relevant measures, control self-assessment, continuous monitoring, maturity models, etc.).
2. Select data analytics techniques (e.g., ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests, benchmarking, etc.) to support risk management and assurance processes.

 Assurance Processes:

1. Evaluate the design and application of management’s risk identification and assessment processes.
2. Utilize a risk management framework to assess organization-wide risks from various sources (e.g., audit universe, regulatory requirements and changes, management requests, relevant market and industry trends, emerging issues, etc.).
3. Prioritize audit engagements based on the results of the organization-wide risk assessment to establish a risk-based internal audit plan.
4. Manage internal audit engagements to ensure audit objectives are achieved, quality is assured, and staff is developed.
5. Evaluate the effectiveness and efficiency of risk management at all levels (i.e., process, business unit, and organization-wide).
6. Analyze the results of multiple internal audit engagements, the work of other internal and external assurance providers, and management's risk remediation activities to support the internal audit activity’s overall assessment of the organization’s risk management processes.
7. Assess risk management, project management, and change controls throughout the systems development lifecycle.
8. Evaluate data privacy, cybersecurity, IT controls, and information security policies and practices.
9. Evaluate risk management monitoring processes (e.g., risk register, database, risk mitigation plans, etc.).

Communication:

1. Manage the audit engagement communication and reporting process (e.g., holding the exit conference, developing the audit report, obtaining management responses, etc.) to deliver engagement results.
2. Evaluate management responses regarding vital organizational risks and communicate to the board when management has accepted a
3. Formulate and deliver communications on the effectiveness of the organization’s risk management processes at multiple levels and organization-wide...

Earning the CRMA helps address the impact of risk and demonstrates you have the ability to:

• Provide assurance on core business processes in risk management and governance.
• Educate management and the audit committee on risk and risk management concepts.
• Offer quality assurance and control self-assessment.
• Add value for your organization as a trusted advisor.

• Those who want to learn more about risk management.
• Those who want to learn how to audit risk management.
• Those who want to pass the CRMA certification exam.
• Internal Auditors
• Risk Managers

To enroll in the CRMA:

• A current member of the Chartered IIA
• CIA qualified
• Five years of internal audit experience
• You will have 24 months to complete the CRMA after successfully applying

The CRMA credential verifies a person’s qualifications to provide assurance on core business processes in risk management and governance, educate management and the audit committee on risk and risk management concepts, offer quality assurance and control self-assessment, and manage strategic organizational risks.

Earning the Certification in Risk Management Assurance (CRMA®) demonstrates your expertise in risk management assurance and provides a solid foundation for a rewarding career in this field. Here's a potential career path and various opportunities you can explore as a CRMA® certified professional:

1. Internal Auditor
2. Risk Assurance Analyst
3. Risk Manager
4. Compliance Manager:
5. Risk Consultant:
6. Risk Governance Specialist

Exam topics:

• Internal audit roles and responsibilities (20%)
• Risk management governance (25%)
• Risk management assurance (55%)

Seat length: 150 minutes

Question types: variety of question types

Language: English