Certified Risk and Compliance Management Professional (CRCMP), distance learning and online certification program

(Note: This is the Certified Risk and Compliance Management Professional (CRCMP) program. It is different from the Certified Regulatory and Compliance Professional (CRCP) program, provided by FINRA, which can be found at https://www.finra.org).


The CRCMP has become one of the most recognized certificates in risk management and compliance. There are CRCMPs in 32 countries. Companies and organizations like IBM, Accenture, American Express, USAA etc. consider the CRCMP a preferred certificate.

You can find more about the demand for CRCMPs at: www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf


The CRCMP program has been designed to provide you with the knowledge and skills needed to understand and support regulatory compliance and enterprise-wide risk management. The course provides you with the skills needed to pass the Certified Risk and Compliance Management Professional (CRCMP) exam.

Target Audience

The CRCMP certification program is beneficial to:
- Managers and employees involved in the design and implementation of risk and compliance related strategies, policies, procedures, risk assessments, control activities, testing, documentation, monitoring and reporting.
- Vendors, suppliers and service providers.

This course is intended for employers demanding qualified professionals that meet the fit and proper requirements.

Course Synopsis

Part A: Introduction, Compliance and Risk Management

What is corporate governance.
The OECD (Organization for Economic Cooperation and Development) principles of corporate governance.
FSB, Thematic Review on Risk Governance.
FSB 2017, Thematic Review on Corporate Governance.

What is risk.
Risk and uncertainty.
Risk acceptance, transfer, avoidance.
Definitions of risk - from the US Marine Corps (Marine Corps Training Command) to the corporate environment.
Risk - good or bad?
Case Study: Daimler Group, Risk and Opportunity Management system.
Risk Management and Issue Management.
Marine Corps and Banks – similar Records Management principles.
Threats and vulnerabilities.
Risk mitigation methodology flowchart.
Outsourcing and Risk Management.

What is compliance.
Enterprise-wide risk and compliance program.
Case Study: Annual Report, Munich Re.
Policies, Procedures, Standards, Baselines, Guidelines, Ethics.
Case Study: Merck.
Conflicts of interest.
Roles and responsibilities.
The Chief Risk Officer.

Case Study: Annual Report, Bank of America Corporation.
Case Study: Annual Report, Credit Suisse Group AG.
Case Study: Annual Report, Munich Re.

Data Owners, Process Owners.
The role of the internal auditors.
Continuous Auditing.
The role of the external auditors.
The role of the Board of Directors.
Case Study: Annual Report, Credit Suisse Group AG.
Case Study: Annual Report, GE.
Case Study: Annual Report, Lloyds Banking Group.
Case Study: Annual Report, Bank of America.
Case Study: Annual Report, Amazon.
Case Study: Annual Report, Daimler Group.

Part B: Sarbanes-Oxley, an international standard.

The need.
Companies affected.
American Depository Receipt (ADR) program.
Employees affected.
Foreign Private Issuers (FPIs) and Sarbanes-Oxley compliance.
EDGAR - Electronic Data Gathering, Analysis, and Retrieval system.
Case Studies: Microsoft, Sony.

The Sarbanes-Oxley Act.
Key sections, what we need to know.
Board's new responsibilities.
Management’s testing and documentation.
Management’s responsibilities.
Committees and teams.
Sections 302, 404, 906: The three certifications.
Sections 302, 404, 906: Examples and case studies.

The Securities and Exchange Commission (SEC) and the Sarbanes-Oxley Act.
The PCAOB and the new Auditing Standards: What we need to know.
Auditing Standard No. 1, to Auditing Standard No. 16.
Reorganized PCAOB Auditing Standards.

Control Deficiency.
Deficiency in Design.
Deficiency in Operation.
Significant Deficiency.
Material Weakness.

The Scope of the Sarbanes-Oxley Act.
Software and Spreadsheets after the Sarbanes-Oxley Act.
Service providers.

E-SOX, the European Sarbanes-Oxley.
The 8th Company Law Directive of the European Union.
Ahold, Parmalat and the new rules.
Article 45 - Registration and oversight of third-country auditors and audit entities.
The “equivalence” of a third country.
Article 46 - Derogation in the case of equivalence.

J-SOX, the Japanese Sarbanes-Oxley.
From Enron to Livedoor, Kokudo, Kanebo.
The Financial Instruments and Exchange Law.
J-SOX requirements similar to the U.S. Sarbanes-Oxley Act.
“Corporate Responsibility for Financial Reports”
“Management Assessment of Internal Controls”
From the Financial Services Agency (FSA), to the Certified Public Accountants and Auditing Oversight Board (CPAAOB), to the Securities and Exchange Surveillance Commission (SESC).

Part C: Basel II, Basel III – the new international standards in governance, risk and compliance

The Bretton Woods Agreement.
Bankhaus Herstatt.
The Bank for International Settlements (BIS).
The Basel Committee on Banking Supervision (BCBS).
The purposes of the Basel framework.

Basel I, Basel II, Basel III.
Basel I - The First Basel Capital Accord.
Basel II - The major amendment.
Pillar 1: Minimum capital requirements.
Pillar 2: Supervisory review process.
Pillar 3: Market discipline.
Branch office vs. subsidiary.
Credit risk, market risk, operational risk.
Operating, Operations, Operational risks.
Seven Event Types (Loss Categories).
The 8 business lines.

Delphi method - exploring the future.
5 categories of control breakdowns.
Outsourcing and Basel compliance.

The Basel III amendment.
The objective of the reform.
Basel III, sound corporate governance principles.
A. Board practices.
B. Senior management.
C. Risk management and internal controls.
D. Compensation.
E. Complex or opaque corporate structures.
F. Disclosure and transparency.
The role of the supervisors.

Part D: The Frameworks

The Committee of Sponsoring Organizations (COSO).
1992, COSO Internal Control — Integrated Framework.
The COSO cube.

Control Environment.
Risk Assessment.
Control Activities.
Information and Communication.

Effectiveness and Efficiency of Operations.
Reliability of Financial Reporting.
Compliance with applicable laws and regulations.

2013, COSO Internal Control — Integrated Framework.
The updated COSO cube.
Example: Cyber risk and COSO.

2004 - The COSO Enterprise Risk Management (ERM) Framework.
The differences between COSO and COSO ERM.
Components of Enterprise Risk Management.
The COSO ERM cube.

Is COSO ERM needed for compliance?
Internal Environment.
Objective Setting.
Event Identification.
Risk Assessment.
Risk Response.
Control Activities.
Information and Communication.

Objectives: Strategic, Operations, Reporting, Compliance.
ERM – Application Techniques.
2017 - The updated COSO ERM.
Enterprise Risk Management and Strategy Selection.

Control Objectives for IT - COBIT.

Part E: Designing and implementing a risk and compliance program

Which is the best program?
Principles of Effective Compliance Programs, from the US Bureau of Industry and Security.
Comprehensive compliance programs.

The Rulemaking Process in the US and the EU.
International and national regulatory requirements.
Regulatory compliance in Europe.
Regulatory compliance in the USA.
Canada’s Sarbanes Oxley.
The GCC (Gulf Cooperation Council) Countries.
The Offshore Financial Centers (OFCs).
The Special Purpose Entities (SPEs).

For secure payment we work with PayPal, the faster and safer way to make online payments. With PayPal we minimize the cost of administration and compliance with national and international laws, so we can keep the cost of our programs and services low.

Only PayPal receives your credit card number and your financial information. We receive your full name, your email, and your mail address. According to the PayPal rules, you have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our programs or services for any reason, all you must do is to send us an email and we will refund the payment, no questions asked.

When you click "Buy Now" below, you will be redirected to the PayPal web site. Your payment will be received by our strategic partner and service provider, Cyber Risk GmbH (Rebackerstrasse 7, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH may also send certificates to all members.

We will send the program up to 24 hours after the payment.

The all-inclusive cost is $297. There is no additional cost, now or in the future, for this program.


What is included in this price:

A. The official presentations we use in our instructor-led classes (1,427 slides)

B. Up to 3 Online Exams

You have to pass one exam. If you fail, you must study the official presentations and try again, but you do not need to spend money. Up to 3 exams are included in the price. To learn more you may visit:


C. Your certificate

Processing and posting to your office or home (via registered mail).

Frequently Asked Questions

1. How comprehensive are the presentations? Are they just bullet points?

Answer: The presentations are not bullet points; you can read them, understand, and learn. These are the official presentations we use in our instructor-led classes.

2. Do I need to buy books to pass the exam?

Answer: No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations.

If you fail the first time, you must study more. Print the presentations and use Post-it notes with labels like "COSO", "Operational Risk" etc., to know where to find the answer to a question.

3. Is it an open book exam? Why?

Answer: Yes, it is an open book exam. Risk and compliance management is not something you have to memorize, it is something you must understand and learn.

4. Do I have to sit for the exam soon after receiving the presentations?

Answer: No. You can sit for the exam from your office or home, any time in the future. Your account never expires and there is no restriction of any kind.

5. Do I have to spend more money in the future to remain certified?

Answer: No. Your certificate never expires. It will be valid, without the need to spend money or to sit for another exam in the future.

6. Ok, the certificate never expires, but things change.

Answer: Recertification would be a great recurring revenue stream for the association, but it would also be a recurring expense for our members. We resisted the temptation to "introduce multiple recurring revenue streams to keep business flowing", as we were advised. No recertification is needed for our programs.

Things change, and this is the reason you need to become (at no cost) a member of the association. You will receive our newsletter every Monday, with updates, alerts and opportunities, to stay current.

7. How many hours do I need to study to pass the exam?

Answer: It depends on your knowledge and experience. You must study the presentations at least twice, to ensure you have learned the details. The average time needed is about 35 hours, but there are important differences.

8. I want to learn more about the online exam.

Answer: You will be given 90 minutes to complete a 35-question multiple-choice exam. You must score 70% or higher.

We do not send sample questions. If you study the presentations carefully, you can score 100%.

9. Why should I get certified?

Answer: After the failures of so many organizations during the recent crisis, firms and organizations hire "fit and proper" professionals who can provide evidence that they are qualified.

Companies and organizations need assurance that employees have the knowledge and skills needed to mitigate risks, and to accept more responsibility. Supervisors and auditors ask for independent evidence that the process owners are qualified, and that the controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.

The marketplace is clearly demanding qualified professionals in risk and compliance management. Certified professionals enjoy industry recognition and have more and better job opportunities.

It is important to get certified and to belong to professional associations. You prove that you are somebody who cares, learns, and belongs to a global community of professionals.

10. Why should I choose your certification program?

Answer: It is always good to investigate first. We strongly believe that we offer very good value for money:

1. The CRCMP has become one of the most recognized certificates in risk management and compliance. There are CRCMPs in 32 countries. Companies and organizations like IBM, Accenture, American Express, USAA etc. consider the CRCMP a preferred certificate.

2. The all-inclusive cost of the program ($297) is very low. There is no additional cost for this program, now or in the future, for any reason.

3. There are 3 exams that are included in the cost of the program, so you do not have to spend money again if you fail.

4. No recertification is required. Your certificate never expires.