CRISC Domain 3: Risk response and reporting Course

Module 3 covers ISACA CRISC Domain 3, including sections on risk response, control design and implementation and risk monitoring and reporting.

5 hours, 7 minutes

Course description

CRISC Domain 3 covers risk treatment and response options and dives into such topics as risk and control ownership; third-party risk management; emerging risk; control design and implementation; control types, standards and frameworks; control design, selection and analysis; control implementation; control testing and effectiveness evaluation; key risk indicators (KRIs) and more.


Domain 3: Supplemental materials

File - 00:10:00

The supplemental material for Domain 3 is an interactive pdf file on risk response strategies.
Domain 3: Risk response and reporting activity book

File - 00:10:00

The activity book consolidates all of the activities discussed in Domain 3.
Domain 3: Risk response and reporting participant guide

File - 00:10:00

This participant guide includes the various slides that the instructor presented in the videos for Domain 3 so that participants can review the main ideas, as well as relevant charts, graphics, questions and activities.
Domain 3: Risk response and reporting pre-reading materials

File - 00:10:00

The pre-reading document provides notes and definitions for terms used in the videos for Domain 3.
Domain 3: Risk response and reporting course summary

Video - 00:02:00

A short summary of Domain 3, reviewing the main areas covered in the preceding videos on IT risk response and reporting.
Performance, risk and control metrics

Video - 00:31:00

This video covers the metrics for determining risk controls effectiveness and provides details on metrics such as key performance indicators (KPIs), key risk indicators (KRIs) and key control indicators (KCIs).
Risk and control monitoring and reporting techniques

Video - 00:31:00

This video details methods and sources to help the risk practitioner with monitoring and reporting risks and assessing the effectiveness of various controls, such as heatmaps, scorecards and dashboards.
Data collection, aggregation, analysis and validation

Video - 00:28:00

In this video, learn how to collect, aggregate, analyze and validate data by using a variety of tools and data logs.
Risk treatment plans

Video - 00:16:00

Risk treatment plans for monitoring and reporting, the risk response process and risk mitigation are all covered in this course.
Control testing, implementation and effectiveness evaluation

Video - 00:31:00

This video begins with an overview of control testing, then delves into control implementation, review of implementation for lessons learned, control management procedures, various options for testing and best practices for testing.
Control design, selection and analysis

Video - 00:12:00

In this video, we discuss how to use control testing and incident management programs to assess the current state of risk and how to design, select and adjust to maintain the best risk controls.
Control types, standards and frameworks

Video - 00:27:00

This video describes various control types, as well as the standards and frameworks that are essential for the risk practitioner to know.
Managing risk from processes, third parties and emergent sources

Video - 00:41:00

This video details how risk can be managed when third parties are involved, new processes are implemented or emerging technologies are utilized.
Risk treatment/risk response options

Video - 00:26:00

This video describes how organizations must align their risk response to their business objectives and how to choose one or more of the four options for responding to risk: acceptance, mitigation, sharing and avoidance.
Risk and control ownership

Video - 00:12:00

This video starts with an overview of risk response, then details risk control and the ownership and accountability for various roles within an organization.
Introduction to Domain 3: Risk response and reporting

Video - 00:07:00

This introduction to Domain 3 notes the weight of the domain on the exam (32%) and provides the outline for the coursework and learning objectives for Domain 3: Risk Response and Reporting.
ISACA overview of Domain 3: Risk response and reporting

Video - 00:03:00

A brief overview of the ISACA CRISC coursework and exam for Domain 3: Risk Response and Reporting.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust