Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorCertificationBreadcrumb SeparatorCRMA CertificationBreadcrumb SeparatorExam Syllabus Domain 2

​​Certification in Risk Management Assurance™ (CRMA®) Exam Syllabus — Domain II

Principles of risk management processes (25-30%)

A. Benchmark risk management processes using authoritative guidance

B. Evaluate risk management processes related to:

  1. Setting objectives at all levels to achieve strategic initiatives
  2. Identifying risks
  3. Risk analysis and evaluation including correlation, interdependencies, and prioritization
  4. Risk response (e.g., avoid, transfer, mitigate, accept), including cost/benefit analysis
  5. Developing and implementing risk mitigation plans
  6. Monitoring risk mitigation plans and emerging risks
  7. Reporting risk management processes and risks, including risk mitigation plans and emerging risks
  8. Periodic review of risk management processes to aid in continuous improvement

IMPORTANT! CCMS users go here to prepare for Single Sign On.

Access CCMS

Candidates from the following countries must refer to their local IIA Institute web-site or contact their local representative for more information about local certification processes:


The information contained on this website pertains to all other countries.