The Institute of Internal Auditors has released the syllabus for qualifying for its new Certification in Risk Management Assurance.
The CRMA exam will be offered in English next year via computer-based testing at more than 400 locations worldwide. The IIA is also extending the deadline to Dec. 31, 2012 for some North American CRMA candidates to submit documentation of applicable professional experience in substitution of taking the exam.
While the CRMA exam is primarily for internal auditors who wish to hone their risk management assurance and consulting skills, it requires an in-depth understanding of the broad spectrum of effective risk management. Other risk managers, management and board members also may benefit from earning the CRMA.
“It’s essential that internal auditors and risk management professionals have a thorough understanding of best practices in risk management so they can provide their organization and audit committees assurance that the entity’s risk management processes in place are sound, complete, and cover all key risks,” said IIA vice president of professional certifications Cyndi Plamondon in a statement. “Earning the CRMA will help candidates demonstrate they have the skills and knowledge needed to provide that assurance.”
The CRMA core exam will require candidates to correctly answer 100 questions covering four domains of knowledge within a two-hour testing period. In addition, candidates must successfully pass
The CRMA is the IIA’s first specialty exam to include part 1 of the CIA as an exam component.
For candidates who wish to apply documented experience in lieu of testing, the IIA has extended its Professional Experience Recognition period to all North American members until Dec. 31, 2012.
In order to participate in this extended offer, a candidate must be an active North American member and complete a CRMA application online through the IIA’s Certification Candidate Management System before Dec. 31, 2012. Members will have until Jan. 31, 2013 to complete their supporting documentation and submit it to the IIA.
For candidates planning to take the exam, the syllabus outlines four domains of knowledge the CRMA covers to assess candidates’ comprehensive understanding of risk management. “These first two domains look at how risk management processes are aligned with strategic objectives,” said Plamondon. “They also focus on internal and external factors that can impact the quality of risk management efforts significantly.”
The CRMA explores the objectives of risk management processes and addresses the organization’s risk culture, capacity, appetite and tolerance. It also covers the ethical environment, tone at the top, the organizational and governance structure, decision-making processes, and expectations of internal and external stakeholders.
According to the exam syllabus, obtaining the CRMA designation requires broad knowledge of risk identification, analysis, monitoring, mitigation, and reporting, as well as an in-depth understanding of the importance of linking objectives to strategic initiatives.
The third and fourth domains of the CRMA exam syllabus focus specifically on risk management roles appropriate for internal auditors. In regard to assurance, internal auditors must be able to effectively assess the management and reporting of key risks. They should provide assurance that those risks have been evaluated adequately, and they should attest to the effectiveness of the risk management processes that are in place.
The CRMA exam also tests the candidate's consulting abilities in regard to advocating the establishment of risk management, developing a risk management strategy for board approval, and creating and maintaining a risk management framework. Successful CRMA candidates are well equipped to facilitate risk identification and evaluation, assist management in responding to risks, recommend risk management activities, and consolidate risk reporting.
“Although it’s impossible to ensure 100 percent of the down-side risks are mitigated, the lack of an effective risk management program can leave an organization vulnerable,” said Plamondon. “In order for CRMA professionals to assure the effectiveness of an organization's risk management program, they must have acquired the risk management knowledge and skills necessary to help an organization hold risk at bay.”
The CRMA syllabus is available on
