CRMA· IIA
Certification in Risk Management Assurance (IIA)
IIA’s CRMA specialises audit on risk management (ERM, COSO ERM 2017, Three Lines Model). Single 10-week exam path.
Term DefinitionRisk
Enterprise Risk Management (ERM)
An integrated, holistic approach to identifying and managing all organizational risks.
ERM according to COSO ERM 2017 aligns strategy, performance, and risk management. It moves beyond siloed risk views toward a global perspective encompassing strategic, operational, financial, compliance, and emerging risks. The COSO ERM 2017 framework is structured around 5 components: governance and culture, strategy and objective-setting, performance, review and revision, information communication and reporting. It helps boards exercise their strategic risk oversight function effectively.
📌 Key points
- COSO ERM 2017: 5 components, 20 principles — the global reference framework
- Goes beyond siloed management — integrates strategic risks into planning
- ISO 31000:2018 provides an alternative framework centered on principles and guidelines
- The CRO (Chief Risk Officer) is the steward of the ERM program
- Mature ERM links each risk to strategic objectives and performance indicators
Related certifications
These certifications cover the concept of "Enterprise Risk Management (ERM)" in depth.
CIA· IIA
Certified Internal Auditor (IIA, 3 Parts)
The IIA CIA certification covers this concept in Part 1 (framework, IPPF) and Part 2 (audit practice). 60+ lessons and 1,258 original questions.
🔗 Related concepts
RiskRiskRiskFrameworksRiskFrameworks
Risk Register
A centralized document listing all identified risks of an organization.
Risk Appetite
The level of risk an organization is prepared to accept in pursuit of its objectives.
Risk Matrix
A visual tool crossing likelihood and impact to prioritize risks.
Three Lines Model
A governance framework distributing control responsibilities across three levels.
Key Risk Indicator (KRI)
A metric measuring the evolution of risk exposure over time.
GRC Platform
Integrated software to manage Governance, Risk, and Compliance in one place.
📖 Related articles
Master this concept and more
Start your GRC certification journey today.