GET CERTIFIED

Note: Membership is not a prerequisite for obtaining certifications from the association.

Our training and certification programs.

1. Certified Risk and Compliance Management Professional (CRCMP), distance learning and online certification program. You can find all information below.

2. Certified Information Systems Risk and Compliance Professional (CISRCP), distance learning and online certification program. You may visit: https://www.risk-compliance-association.com/CISRCP_Distance_Learning_and_Certification.htm

3. Certified Risk and Compliance Management Professional in Insurance and Reinsurance CRCMP(Re)I, distance learning and online certification program. You may visit: https://www.risk-compliance-association.com/CRCMP_Re_I.htm

4. Certified Cyber (Governance Risk and Compliance) Professional CC(GRC)P, distance learning and online certification program. You may visit: https://www.risk-compliance-association.com/CC_GRC_P_Distance_Learning_and_Certification.htm

5. Travel Security Trained Professional (TSecTPro), distance learning and online certification program. You may visit: https://www.risk-compliance-association.com/TSecTPro_Distance_Learning_and_Certification.htm


Certified Risk and Compliance Management Professional (CRCMP), distance learning and online certification program

Note: The Certified Risk and Compliance Management Professional (CRCMP) program should not be confused with the Certified Regulatory and Compliance Professional (CRCP) program provided by FINRA.

Overview

The CRCMP has gained significant recognition as a top certification for professionals in risk management and compliance. With CRCMP holders in 57 countries, companies and organizations around the world consider it a preferred certification choice.

Discover more about the demand for CRCMPs at: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf




Objectives

The CRCMP program is designed to equip professionals with the essential knowledge and skills needed to understand and support regulatory compliance and enterprise-wide risk management. It also thoroughly prepares them to pass the Certified Risk and Compliance Management Professional (CRCMP) exam.

Target Audience

The CRCMP program is beneficial to:

  • Managers and professionals involved in designing and implementing risk and compliance strategies, policies, procedures, risk assessments, control activities, testing, documentation, monitoring, and reporting.
  • Information security professionals, including IT security managers, cybersecurity analysts, and information security officers.
  • Vendors, suppliers, and service providers involved in risk and compliance processes.
  • Employers seeking qualified professionals who meet the fit and proper requirements.

Course Synopsis
Part A: Introduction to governance, risk, compliance, risk management.
Governance and corporate governance.
  • Basel Committee, corporate governance principles.
  • The OECD (Organization for Economic Cooperation and Development) principles of corporate governance.
  • Financial Stability Board (FSB), Thematic Review on Risk Governance.
  • FSB, Thematic Review on Corporate Governance.
  • FSB, Strengthening Governance Frameworks to Mitigate Misconduct Risk.
  • Case studies.

  • What is risk?
  • Risk and uncertainty.
  • Risk in the corporate and the military environment.
  • Risk response.
  • Risk acceptance.
  • Risk avoidance.
  • Risk transfer, risk sharing.
  • Risk mitigation.
  • Is risk a good or a bad thing?
  • Risk and opportunity, US National Intelligence Strategy.
  • Cyber risks.
  • Policies, Procedures, Baselines, Guidelines, Ethics.
  • Threats and Vulnerabilities.
  • Case studies.

  • Understanding risk management.
  • Risk management, and the role of the Chief Risk Officer (CRO).
  • Risk management problems.
  • Risk perception, optimism bias, availability bias, control bias, narrative bias.
  • Over-optimism, misrepresentation, alarmism, prejudice.
  • Risk management in the corporate and the military environment.
  • NIST Special Publication 800-30.
  • Risk Mitigation Methodology Flowchart.
  • Case studies.

  • Understanding Compliance Management.
  • Compliance, and the role of the Chief Compliance Officer (CCO).
  • Regulatory reporting.
  • Training.
  • Enterprise-wide risk and compliance program.
  • Compliance and the compliance function in banks, from the Basel Committee.
  • Case studies.

  • Outsourcing and Risk Management.
  • Key Risks of Outsourcing.
  • Outsourcing and Compliance.


Part B: Sarbanes-Oxley, an international standard.
The need.
  • Companies affected.
  • American Depository Receipt (ADR) program.
  • Employees affected.
  • Foreign Private Issuers (FPIs) and Sarbanes-Oxley compliance.
  • EDGAR - Electronic Data Gathering, Analysis, and Retrieval system.
  • Case Studies.

  • The Sarbanes-Oxley Act.
  • Key sections, what we need to know.
  • Board's new responsibilities.
  • Management’s testing and documentation.
  • Management’s responsibilities.
  • Committees and teams.
  • Sections 302, 404, 906: The three certifications.
  • Sections 302, 404, 906: Examples and case studies.
  • The Securities and Exchange Commission (SEC) and the Sarbanes-Oxley Act.
  • The PCAOB and the new Auditing Standards: What we need to know.
  • Control Deficiency.
  • Deficiency in Design.
  • Deficiency in Operation.
  • Significant Deficiency.
  • Material Weakness.

  • The Scope of the Sarbanes-Oxley Act.
  • Software and Spreadsheets after the Sarbanes-Oxley Act.
  • Service providers.

  • E-SOX, the European Sarbanes-Oxley.
  • The 8th Company Law Directive of the European Union.
  • Ahold, Parmalat and the new rules.
  • The “equivalence” of a third country.

  • J-SOX, the Japanese Sarbanes-Oxley.
  • From Enron to Livedoor, Kokudo, Kanebo.
  • The Financial Instruments and Exchange Law.
  • J-SOX requirements similar to the U.S. Sarbanes-Oxley Act.
  • From the Financial Services Agency (FSA) to the Certified Public Accountants and Auditing Oversight Board (CPAAOB), to the Securities and Exchange Surveillance Commission (SESC).


Part C: Basel II, Basel III – the new international standards in governance, risk, and compliance.
  • The Bretton Woods Agreement.
  • Bankhaus Herstatt.
  • The Bank for International Settlements (BIS).
  • The Basel Committee on Banking Supervision (BCBS).
  • The purposes of the Basel framework.

  • Basel I, Basel II, Basel III.
  • Basel I - The First Basel Capital Accord.
  • Basel II - The major amendment.
  • Pillar 1: Minimum capital requirements.
  • Pillar 2: Supervisory review process.
  • Pillar 3: Market discipline.
  • Branch office vs. subsidiary.
  • Credit risk, market risk, operational risk.
  • Operating, Operations, Operational risks.
  • Seven Event Types (Loss Categories).
  • The 8 business lines.
  • Delphi method - exploring the future.
  • 5 categories of control breakdowns.

  • The Basel III amendment.
  • The objective of the reform.
  • Basel III, sound corporate governance principles.
  • A. Board practices.
  • B. Senior management.
  • C. Risk management and internal controls.
  • D. Compensation.
  • E. Complex or opaque corporate structures.
  • F. Disclosure and transparency.
  • The role of the supervisors.


Part D: The Frameworks.
COSO Internal Control — Integrated Framework.
  • The COSO cube.
  • Control Environment.
  • Risk Assessment.
  • Control Activities.
  • Information and Communication.
  • Monitoring.
  • Effectiveness and Efficiency of Operations.
  • Reliability of Financial Reporting.
  • Compliance with applicable laws and regulations.

  • The new COSO Internal Control — Integrated Framework.
  • The updated COSO cube.
  • Example: Cyber risk and COSO.

  • COSO Enterprise Risk Management (ERM) Framework.
  • The differences between COSO and COSO ERM.
  • Components of Enterprise Risk Management.
  • The COSO ERM cube.

  • Is COSO ERM needed for compliance?
  • Internal Environment.
  • Objective Setting.
  • Event Identification.
  • Risk Assessment.
  • Risk Response.
  • Control Activities.
  • Information and Communication.
  • Monitoring.
  • Objectives: Strategic, Operations, Reporting, Compliance.
  • ERM – Application Techniques.
  • 2017, the updated COSO ERM.
  • Enterprise Risk Management and Strategy Selection.


Part E: Designing and implementing a risk and compliance program.
Which is the best program?
  • Principles of Effective Compliance Programs, from the US Bureau of Industry and Security.
  • Comprehensive compliance programs.
  • U.S. Department of Justice, Evaluation of Corporate Compliance Programs.
  • The three fundamental questions.
  • 1. Is the Corporation’s Compliance Program Well Designed?
  • 2. Is the Corporation’s Compliance Program Being Implemented Effectively?
  • 3. Does the Corporation’s Compliance Program Work in Practice?


Part F: Artificial Intelligence and Risk Management.

    The objective of this part of the program is to give a general understanding of the subject. An in-depth analysis would require thousands of pages.

  • Artificial intelligence, machine learning, synthetic data.
  • AI, machine learning, and risk.
  • AI, prevention, detection and response.
  • The case study from Morgan Stanley.
  • AI, disinformation, deep fakes, sock puppets, social bots, cyborgs, micro-targeting.

  • The Artificial Intelligence Act of the EU.
  • The Framework for AI Cybersecurity Practices (FAICP framework), from the European Union Agency for Cybersecurity.
  • Layer I (cybersecurity foundations).
  • Layer II (AI-specific).
  • Layer III (Sectoral AI).

  • The NIST framework: Artificial Intelligence Risk Management Framework (AI RMF 1.0).
  • Part 1: Foundational Information.
  • Part 2: Core and Profiles.
  • AI RMF Profiles.

  • Closing remarks.

Become a Certified Risk and Compliance Management Professional (CRCMP)

    We will send the program up to 24 hours after the payment. Please remember to check the spam folder of your email client too, as emails with attachments often land in the spam folder.

    You have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our programs or services for any reason, all you must do is to send us an email, and we will refund the payment, no questions asked.

    Your payment will be received by our strategic partner and service provider, Cyber Risk GmbH (Dammstrasse 16, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH may also send certificates to all members.

    The all-inclusive cost for this program is $297. There are no hidden fees or additional charges, now or in the future, for any reason.

    First option: You can purchase the Certified Risk and Compliance Management Professional (CRCMP) program with VISA, MASTERCARD, AMEX, Apple Pay, Google Pay etc.




    Second option: QR code payment.

    i. Open the camera app or the QR app on your phone.

    ii. Scan the QR code and possibly wait for a few seconds.

    iii. Click on the link that appears, open your browser, and make the payment.



    Third option: You can purchase the Certified Risk and Compliance Management Professional (CRCMP) program with PayPal

    When you click "PayPal" below, you will be redirected to the PayPal web site. If you prefer to pay with a card, you can click "Debit or Credit Card" that is also powered by PayPal.


    What is included in the program:
    A. The official presentations (1935 slides)

    The presentations are suitable for both online and offline study. Busy professionals have complete control over their learning, allowing them to study at their own pace. They can move quickly through familiar topics and spend more time on areas where they need additional focus.

    B. Up to 3 online exam attempts per year

    Candidates need to pass only one exam to become CRCMPs. If they do not pass, they must study the official presentations and retake the exam. Each candidate is allowed up to three exam attempts per year.

  • If candidates do not pass the exam on their first attempt, they are allowed to retake it a second time.
  • If they do not pass the exam on their second attempt, they are allowed to retake it a third time.
  • If candidates do not achieve a passing score on their third attempt, they must wait at least one year before retaking the exam. There is no additional cost for any subsequent exam attempts.

    To learn more, you may visit:
    https://www.risk-compliance-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf

    https://www.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdf

    C. The Certificate, with a scannable QR code for verification.

    You will receive your certificate via email in Adobe Acrobat format (pdf), with a scannable QR code for verification, within 7 business days after passing the exam. A business day refers to any day in which normal business operations are conducted (in our case Monday through Friday), excluding weekends and public holidays.

    D. One web page of the International Association of Risk and Compliance Professionals (IARCP) dedicated to you (https://www.risk-compliance-association.com/Your_Name.htm).

    When third parties scan the QR code on your certificate, they will be directed to your dedicated page on the International Association of Risk and Compliance Professionals (IARCP) website. Here, they can verify that you are a certified professional and confirm the validity and legitimacy of your certificates.

    On this dedicated web page, we will display your name, the certificates you have received from us, images of your certificates, and, if applicable, a picture of your lifetime membership certificate.

    This is an example: https://www.risk-compliance-association.com/John_Anderson.htm

    Professional certificates are among the most commonly falsified documents. Employers and third parties need a quick and reliable way to verify their authenticity. QR code verification provides an effective and efficient solution to this need.


    Frequently Asked Questions
    1. I want to learn more about the International Association of Risk and Compliance Professionals (IARCP).

    The IARCP is a global community of risk and compliance management experts who explore career avenues and acquire lifelong skills.

    The IARCP is wholly owned by Compliance LLC, a company incorporated in Wilmington, NC, with offices in Washington, DC. Compliance LLC provides risk and compliance training and certification in 57 countries.

    Several business units of Compliance LLC operate as successful associations, offering memberships, weekly or monthly updates, training, certification, interest representation, and other services to their members. The business units of Compliance LLC include:

    - The Sarbanes-Oxley Compliance Professionals Association (SOXCPA), the largest Association of Sarbanes-Oxley professionals in the world. You may visit: https://www.sarbanes-oxley-association.com

    - The Basel iii Compliance Professionals Association (BiiiCPA), the largest association of Basel iii Professionals in the world. You may visit: https://www.basel-iii-association.com

    - The Solvency II Association, the largest association of Solvency II professionals in the world. You may visit: https://www.solvency-ii-association.com

    The Certified Risk and Compliance Management Professional (CRCMP) certificate has become one of the most recognized certificates in risk management and compliance. There are CRCMPs in 57 countries. Companies and organizations around the world consider the CRCMP a preferred certificate.

    You can find more about the demand for CRCMPs at: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf



    2. Does the association offer training?

    The IARCP provides distance learning and online certification programs globally, along with in-house, instructor-led training programs for companies and organizations in many countries.

    A. Distance learning and online certification programs.

    1. Certified Risk and Compliance Management Professional (CRCMP). To learn more, you may visit: https://www.risk-compliance-association.com/Distance_Learning_and_Certification.htm
    2. Certified Information Systems Risk and Compliance Professional (CISRCP). To learn more, you may visit: https://www.risk-compliance-association.com/CISRCP_Distance_Learning_and_Certification.htm
    3. Certified Risk and Compliance Management Professional in Insurance and Reinsurance CRCMP(Re)I. To learn more, you may visit: https://www.risk-compliance-association.com/CRCMP_Re_I.htm
    4. Certified Cyber (Governance Risk and Compliance) Professional CC(GRC)P. To learn more, you may visit: https://www.risk-compliance-association.com/CC_GRC_P_Distance_Learning_and_Certification.htm
    5. Travel Security Trained Professional (TSecTPro). To learn more, you may visit: https://www.risk-compliance-association.com/TSecTPro_Distance_Learning_and_Certification.htm

    B. Instructor-led training.

    The association develops and maintains five certification programs and numerous customized training programs for directors, executive managers, risk and compliance managers, internal and external auditors, data owners, process owners, consultants, suppliers, and service providers.

    For instructor-led training, you may contact Lyn Spooner at: lyn@risk-compliance-association.com

    3. Is there any discount available for the distance learning programs?

    We do not offer a discount on your first program to keep the cost as low as possible for all members. However, you will receive a $100 discount on your second and each subsequent program.

    For example, after you purchase the Certified Risk and Compliance Management Professional (CRCMP) program at $297, you can purchase:

    1. The Certified Information Systems Risk and Compliance Professional (CISRCP) program at $197 (instead of $297).
    2. The Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program at $197 (instead of $297).
    3. The Certified Risk and Compliance Management Professional in Insurance and Reinsurance - CRCMP(Re)I program at $197 (instead of $297).
    4. The Travel Security Trained Professional (TSecTPro) program at $197 (instead of $297).

    If you purchase the Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program, you have a 50% discount for the Travel Security Trained Professional (TSecTPro) program (the all-inclusive cost is $148, instead of $297).

    Lifetime members can purchase any distance learning and online certification program for $148, instead of the regular price of $297.

    If you are a lifetime member or have previously purchased one of our programs and wish to purchase your next program at a discounted rate, please contact Lyn Spooner via email at lyn@risk-compliance-association.com to receive the URL for the discounted price.

    4. Are your training and certification programs vendor neutral?

    Yes. We do not promote any products or services, and we are 100% independent.

    5. Are there any entry requirements or prerequisites required for enrolling in the training programs?

    There are no entry requirements or prerequisites for enrollment. Our programs provide individuals of all levels the opportunity to learn, grow, and develop new skills without needing prior qualifications or specific experience.

    6. I want to learn more about the exam.

    You can take the exam online from your home or office, in all countries.

    It is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.

    You will be given 90 minutes to complete a 35-question exam. You must score 70% or higher.

    The exam contains only questions that have been clearly answered in the official presentations.

    All exam questions are multiple-choice, composed of two parts:

    a. A stem (a question asked, or an incomplete statement to be completed).

    b. Four possible responses.

    In multiple-choice questions, you must not look for a correct answer; you must look for the best answer. Cross out all the answers you know are incorrect, then focus on the remaining ones. Which is the best answer? With this approach, you save time, and you greatly increase the likelihood of selecting the correct answer.

    TIME LIMIT - This exam has a 90-minute time limit. You must complete this exam within this time limit, otherwise the result will be marked as an unsuccessful attempt.

    BACK BUTTON - When taking this exam you are NOT permitted to move backwards to review/change prior answers. Your browser back button will refresh the current page instead of moving backward.

    RESTART/RESUME – You CANNOT stop and then resume the exam. If you stop taking this exam by closing your browser, your answers will be lost, and the result will be marked as an unsuccessful attempt.

    SKIP - You CANNOT skip answering questions while taking this exam. You must answer all the questions in the order the questions are presented.

    We do not send sample questions or past exams. If you study the presentations, you can score 100%.

    a. When you are ready to take the CRCMP exam, you must follow the steps: https://www.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdf

    b. When you are ready to take the CISRCP exam, you must follow the steps: https://www.risk-compliance-association.com/CISRCP_Certification_Steps_1.pdf

    c. When you are ready to take the CRCMP(Re)I exam, you must follow the steps: https://www.risk-compliance-association.com/CRCMP_Re_I_Certification_Steps.pdf

    d. When you are ready to take the CC(GRC)P exam, you must follow the steps: https://www.risk-compliance-association.com/CC_GRC_P_Certification_Steps_1.pdf

    e. When you are ready to take the TSecTPro exam, you must follow the steps: https://www.risk-compliance-association.com/TSecTPro_Certification_Steps_1.pdf

    7. How comprehensive are the presentations? Are they just bullet points?

    The presentations are not bullet points. They are effective and appropriate to study online or offline.

    8. Do I need to buy books to pass the exam?

    No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations. If you fail the first time, you must study more. Print the presentations and attach Post-it notes, so that you know where to find the answer to a question.

    9. Is it an open book exam? Why?

    Yes, it is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.

    10. Do I have to take the exam soon after receiving the presentations?

    No. You can take the exam at any time. Your account never expires, granting you lifetime access to the training program. Any updates to the training material will be provided to you free of charge.

    11. Do I have to spend more money in the future to remain certified?

    No. Your certificate never expires. It will remain valid, without any additional costs or the need to retake the exam in the future.

    12. Ok, the certificate never expires, but things change.

    Recertification would be a great recurring revenue stream for the association, but it would also be a recurring expense for our members. We resisted the temptation to "introduce multiple recurring revenue streams to keep business flowing", as we had been advised to do. No recertification is needed for our programs.

    Things change, and this is the reason you need to become (at no cost) a member of the association. Every week you can visit the "Reading Room" of the association and read our newsletter with updates, alerts, and opportunities, to stay current.

    13. How many hours do I need to study to pass the exam?

    To ensure you have learned the details, you should study the presentations at least twice. The average time required is:

    - 37 hours for the CRCMP program,
    - 26 hours for the CISRCP program,
    - 35 hours for the CC(GRC)P program,
    - 34 hours for the CRCMP(Re)I program, and
    - 12 hours for the TSecTPro program.

    This is the average time needed. There are important differences among members.

    14. I want to receive a printed certificate. Can you send me one?

    Unfortunately this is not possible. You will receive your certificate via email in Adobe Acrobat format (pdf), with a scannable QR code for verification, 7 business days after you pass the exam. A business day refers to any day in which normal business operations are conducted (in our case Monday through Friday), excluding weekends and public holidays.

    The association will develop a dedicated web page for each certified professional (https://www.risk-compliance-association.com/Your_Name.html). In your dedicated web page we will add your full name, all the certificates you have received from the association, and the pictures of your certificates.

    When third parties scan the QR code on your certificate, they will visit your dedicated web page, and they will be able to verify that you are a certified professional, and your certificates are valid and legitimate.

    Professional certificates are some of the most frequently falsified documents. Employers and third parties need an easy, effective, and efficient way to check the authenticity of each certificate. QR code verification is a good response to this demand.

    You can print the certificate that you receive in Adobe Acrobat format (pdf). With the scannable QR code, all third parties can verify the authenticity of each certificate in a matter of seconds.

    15. What is the refund policy?

    The association has a very clear refund policy: You have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our programs or services for any reason, all you must do is to send us an email, and we will refund the payment after one business day, no questions asked.

    16. Why should I get certified, and why should I choose your certification programs?

    1. The CRCMP has become one of the most recognized certificates in risk management and compliance. There are CRCMPs in 57 countries. Companies and organizations around the world consider the CRCMP a preferred certificate. You can find more about the demand for CRCMPs at: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf
    2. Our training programs are flexible and convenient. Learners can access the course material and take the exam at any time and from any location. This is especially important for those with busy schedules.
    3. The all-inclusive cost of our programs is very low. There is no additional cost for each program, now or in the future, for any reason.
    4. If you purchase a second program, you have a $100 discount. The all-inclusive cost for your second (and each additional) program is $197.
    5. There are 3 exam attempts per year that are included in the cost of each program, so you do not have to spend money again if you fail.
    6. No recertification is required. Your certificates never expire.
    7. The marketplace is clearly demanding qualified professionals in risk and compliance management. Certified professionals enjoy industry recognition and have more and better job opportunities. It is important to get certified and to belong to professional associations. You prove that you are somebody who cares, learns, and belongs to a global community of professionals.
    8. Firms and organizations hire and promote fit and proper professionals who can provide evidence that they are qualified. Employers need assurance that managers and employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that the process owners are qualified, and that the controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.
    9. Professionals that gain more skills and qualifications often become eligible for higher-paying roles. Investing in training can have a direct positive impact on a manager's or employee's earning potential.
