The ISACA Certified in Risk and Information Systems Control (CRISC) learning path extensively prepares for the CRISC exam, which consists of 150 multiple-choice questions that cover the four IT risk and control areas. These areas have been created from a CRISC job practice analysis and reflect the work performed in IT risk identification, assessment, response, mitigation and monitoring.