CRMA Exam Review
03/04/2023 - 06/04/2023 @ 8:30 am - 3:00 pm - About this course: Course Description Risk management assurance is an essential internal audit responsibility. As the risk landscape has continued to expand and change, The IIA recognized the need for the Certification in Risk Management Assurance® (CRMA®) program to keep pace. This required a thorough evaluation of the exam requirements and content to ensure they [...]
Map Unavailable

Date(s) - 03/04/2023 - 06/04/2023
8:30 am - 3:00 pm


About this course:

Course Description

Risk management assurance is an essential internal audit responsibility. As the risk landscape has continued to expand and change, The IIA recognized the need for the Certification in Risk Management Assurance® (CRMA®) program to keep pace. This required a thorough evaluation of the exam requirements and content to ensure they reflect the skills needed to audit today’s emerging risks, as well as consider the organizational view required to effectively execute risk management assurance. The IIA conducted two studies — a market study and a job analysis study. The market study revealed perceived ambiguity between the CRMA and the Certified Internal Auditor® (CIA®). Additionally, it confirmed that more business experience and a deeper level of risk management knowledge are required in order to provide holistic and effective risk management assurance. As such, the new CRMA is positioned as a career pathway for internal auditors after achieving the CIA designation. It is the only risk management assurance certification for internal auditors.

Course Topics

The Certification in Risk Management Assurance (CRMA) exam includes:

CRMA exam, which consists of 120 questions covering three domains as follows:


  1. Roles and Competencies

    1. Determine appropriate assurance and consulting services for the internal audit activity with regard to risk management.
    2. Determine the knowledge, skills, and competencies required (whether developed or procured) to provide risk management assurance and consulting services.
    3. Evaluate organizational independence of the internal audit activity and report impairments to appropriate parties.
  2. Coordination

    1. Recommend establishing an organizationwide risk management strategy and processes, or contribute to the improvement of the existing strategy and processes.
    2. Coordinate risk assurance efforts and determine whether to rely on the work of other internal and external assurance providers.
    3. Assist the organization with creating or updating an organizationwide risk assurance map to ensure proper risk coverage and minimize duplication of efforts.



  1. Governance, Risk Management, and Control Frameworks

    1. Evaluate the organization’s governance structure and application of risk management concepts found in governance frameworks.
    2. Assess the organization’s application of concepts and principles found within risk and control frameworks appropriate to the organization.
    3. Assess key elements of the organization’s risk governance and risk culture (e.g., risk oversight, risk management, tone at the top, etc.) and  the impact of organizational culture on the overall control environment and risk management strategy.
  2. Risk Management Integration

    1. Evaluate management’s commitment to risk management and analyze the integration of risk management into the organization’s objectives, strategy setting, performance management, and operational management systems.
    2. Evaluate the organization’s ability to identify and respond to changes and emerging risks that may affect the organization’s achievement of strategy and objectives.
    3. Examine the effectiveness of integrated risk management reporting (e.g., risk, risk response, performance, and culture, etc.) to key stakeholders.



  1. Risk Management Approach

    1. Evaluate various approaches and processes for assessing risk (e.g., relevant measures, control self-assessment, continuous monitoring, maturity models, etc.).
    2. Select data analytics techniques (e.g., ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests, benchmarking, etc.) to support risk management and assurance processes.
  2. Assurance Processes

    1. Evaluate the design and application of management’s risk identification and assessment processes.
    2. Utilize a risk management framework to assess organizationwide risks from various sources (e.g., audit universe, regulatory requirements and changes, management requests, relevant market and industry trends, emerging issues, etc.).
    3. Prioritize audit engagements based on the results of the organizationwide risk assessment to establish a risk-based internal audit plan.
    4. Manage internal audit engagements to ensure audit objectives are achieved, quality is assured, and staff is developed.
    5. Evaluate the effectiveness and efficiency of risk management at all levels (i.e., process level, business unit level, and organizationwide).
    6. Analyze the results of multiple internal audit engagements, the work of other internal and external assurance providers, and management’s risk remediation activities to support the internal audit activity’s overall assessment of the organization’s risk management processes.
    7. Assess risk management, project management, and change controls throughout the systems development lifecycle.
    8. Evaluate data privacy, cybersecurity, IT controls, and information security policies and practices.
    9. Evaluate risk management monitoring processes (e.g., risk register, risk database, risk mitigation plans, etc.).
  3. Communication

    1. Manage the audit engagement communication and reporting process (e.g., holding the exit conference, developing the audit report, obtaining management responses, etc.) to deliver engagement results.
    2. Evaluate management responses regarding key organizational risks, and communicate to the board when management has accepted a level of risk that may be unacceptable to the organization.
    3. Formulate and deliver communications on the effectiveness of the organization’s risk management processes at multiple levels and organizationwide.


Course Duration: 4 days

CPE Credits: 24

Level: All

Pre-requisites: Candidates need to be CIA certified, i.e., have an active CIA designation in order to apply for the CRMA Exam and they need to have 5 years of internal audit and/or risk management experience in order to earn the certification.

CRMA Revision Handbook


Bookings are closed for this event.


The UAE IAA reserves the right to amend the Terms & Conditions at any time without prior notice.

While the UAE Internal Audit Association and its staff make every effort to observe and maintain the schedule of every training course as set forth in the organization’s training schedule, under certain circumstances that are out of our control we might feel obligated to cancel and/or reschedule any training course or event. Under these circumstances, our training department will forward all registrants to the next available schedule for the same course. The individual participant or the sponsoring organization will have the ability to request a different schedule for the same course or a different course within the same calendar year.

CPEs: 24 Point
Course Level: All
Duration: 4 Day/s
Language: English
Member Fees:2250USD
Nonmember Fees: 2500USD

Number of Attendees:

Book your calendar