CRMA· IIA
Certification in Risk Management Assurance (IIA)
IIA’s CRMA specialises audit on risk management (ERM, COSO ERM 2017, Three Lines Model). Single 10-week exam path.
Term DefinitionRisk
Risk Register
A centralized document listing all identified risks of an organization.
The risk register is the central tool of risk management. It records each risk with: description, category, likelihood, impact, gross score (inherent risk), existing controls, net score (residual risk), owner, and action plan. It is continuously updated and regularly presented to the risk committee and board of directors. A mature risk register also links each risk to the organization's strategic objectives and associated KRIs for proactive monitoring.
📌 Key points
- Minimum structure: description, likelihood, impact, gross risk, controls, net risk, owner
- Presented to risk committee (quarterly) and board (annually or semi-annually)
- Must be linked to strategic objectives — not just a list of operational threats
- KRIs enable dynamic monitoring of each risk between formal assessments
- A GRC platform replaces Excel spreadsheets and ensures modification traceability
Related certifications
These certifications cover the concept of "Risk Register" in depth.
CIA· IIA
Certified Internal Auditor (IIA, 3 Parts)
The IIA CIA certification covers this concept in Part 1 (framework, IPPF) and Part 2 (audit practice). 60+ lessons and 1,258 original questions.
🔗 Related concepts
RiskRiskRiskRiskRiskRisk
Inherent Risk
The level of risk before any controls or mitigations are applied.
Residual Risk
The level of risk remaining after controls and mitigations have been applied.
Risk Matrix
A visual tool crossing likelihood and impact to prioritize risks.
Risk Appetite
The level of risk an organization is prepared to accept in pursuit of its objectives.
Key Risk Indicator (KRI)
A metric measuring the evolution of risk exposure over time.
Enterprise Risk Management (ERM)
An integrated, holistic approach to identifying and managing all organizational risks.
📖 Related articles
Master this concept and more
Start your GRC certification journey today.