Organizations that must adhere to regulations for data security, financial accountability and consumer privacy increasingly find it difficult to operate without someone who makes sure internal processes are being carried out properly. This is exactly where the need for competent governance, risk, and compliance (GRC) professionals arises. The goal of GRC is to ensure that proper policies and controls are in place to reduce risk, to set up a system of checks and balances that alerts personnel when new risks materialize, and to manage business processes more efficiently and proactively. All kinds of job roles, including CIO, IT security analyst, security engineer or architect, information assurance program manager and senior IT auditor, require or benefit from a GRC certification. Read on to learn about some top GRC certifications.
Certification in Risk Management Assurance (CRMA)
A global professional association, The Institute of Internal Auditors (IIA) provides information, networking opportunities and education to auditors in business, government and the financial services industry. CRMA is one of its certifications; it recognizes individuals who are involved with risk management and assurance, governance, quality assurance and control self-assessment. A CRMA is considered a trusted advisor to senior management and members of audit committees in large organizations.
One has to pass a multiple-choice exam (100 questions, up to two hours) through Pearson VUE to achieve the CRMA credential, which costs $380 for IIA members or $495 for non-members.
Additionally, one must have a 3- or 4-year post-secondary degree (or higher). The alternatives to the bachelor’s degree are two years of post-secondary education plus five years of internal auditing experience (or equivalent), or seven years of internal auditing experience. The IIA also requires proof of at least two years of auditing experience or control-related business experience in risk management or quality assurance. The final submission includes a character reference signed by a supervisor or a person holding an IIA certification, proof of identification and agreement to abide by the Code of Ethics established by The IIA.