• Регистрация
Български (България)English (United Kingdom)
CRMA PDF Print E-mail

The CRMA is designed for internal auditors and risk management professionals with responsibility for and experience in providing risk assurance, governance processes, quality assurance, or control self-assessment (CSA).

The CRMA is one more mark of professional distinction for internal audit practitioners. Earning the CRMA will assist you in demonstrating your ability to:

· Provide assurance on core business processes in risk management and governance.

· Educate management and the audit committee on risk and risk management concepts.

· Focus on strategic organizational risks.

· Add value for your organization.

The CRMA exam is available through computer-based testing, allowing you to test year-round at more than 500 locations worldwide. In Bulgaria there are two examination centers:

· IT Consulting & Education, 115 G, Tsarigradsko shose blvd., Business Center Magapark, fl.1, office 6, 1784 Sofia;

· SAN PRO LTD, 14, Hristo Samsarov Str., Parter, 9000 Varna.

Access CCMS and visit the Forms sections to begin the CRMA application proccess.

Online Testing Now Available

To support the continued professional development of CIA and CRMA candidates around the world and in response to test center closures, The IIA now offering online testing. Watch this video for more information: https://www.theiia.org/sites/auditchannel/Pages/Videos.aspx?v=415367592

Steps to Certification

Below are the three steps to become certified in the profession.

Step 1: Apply

Create a profile in The IIA’s Certification Candidate Management System (CCMS) or access an existing profile. CCMS is a user-friendly system to help you apply for, register, and maintain your certification and related information, while keeping you connected to and informed about The IIA’s certification programs.

Upload required documents for program approval (education, government-issued photo ID) directly within the CCMS.

Obtain character reference(s) electronically via the CCMS.

You will not be able to register for the exam until your documents and application are approved.

Step 2: Test

Access your profile in CCMS.

Click “Manage Program.”

Register for the exam or exam part.

Schedule your exam.

Step 3: Become Certified

Complete your experience verification.

Receive your certification.

Access your certificate via the CCMS. A printed copy may be obtained with a fee.


CRMA candidates must meet the following eligibility requirements for education, character, work experience, and identification. Before a candidate application can be approved, ALL documentation (proof of education, character reference, and identification) must be received and approved by The IIA’s Certification staff.

CIA Part 1

The candidate must have successfully completed the requirements and passed Part 1 of the CIA exam. This can be done before, during, or after completion of the CRMA exam, but must be completed before the certification is granted. Review the requirements for the CIA exam Part 1.


Candidates must hold an Associate's degree or higher to be approved into one of The IIA’s certification programs. Common equivalents are a Foundation Degree, Diploma of Higher Education, Higher National Diploma,or three A-level certificates with a grade of C or higher are also acceptable.

Acceptable Documents:

Copy of your degree, official transcripts, or A-level certificates (If your name has changed since you earned your degree, you must also include your legal name change document.)

Letter from university confirming degree

Letter from evaluation services confirming degree level

If you have achieved a certificate or qualification outside of the US that is not a formal university degree, but meet degree equivalency standards, you will need to provide an official equivalency report from a credential evaluation service. Please note the report must be in English and cannot be issued by the same governing body that awarded your certificate or qualification. This document should be uploaded within the certification program application process in the educational upload field.

*The IIA has a reciprocity agreement with the AICPA and ACCA. A letter from the issuing body may be accepted.

Character Reference

A CRMA candidate must exhibit high moral and professional character and must submit a Character Reference signed by a CIA, CCSA, CFSA, CRMA, or the candidate's supervisor.

Work Experience

Candidates may apply to the certification program and sit for exams prior to obtaining the required work experience. However, candidates will not be certified until the experience requirement is met within the program eligibility period. Experience for the IIA’s certification programs is based on the maximum level of education achieved. The work experience requirements for the CRMA program are:

​Education Level

​Years of Work Experience Required

​Master's Degree (or equivalent)

​12 months - internal auditing experience or its equivalent

​Bachelor's Degree (or equivalent)

​24 months - internal auditing experience or its equivalent

​Associate's Degree, three A-Level
Certificates, grade C or higher (or equivalent)

​60 months - internal auditing experience or its equivalent

​Proof of Identification

Candidates must provide proof of identification in the form of a copy of the candidate’s official passport or national identity card. These must indicate current status; expired documents will not be accepted.

Eligibility Period

Please refer to the CRMA Transition Candidate Scenarios for program eligibility periods.


The CRMA exam is a non-disclosed examination. Candidates in the program agree to keep the contents of the CRMA exam confidential and therefore may not discuss the specific exam content with anyone except The IIA's Certification Department. Unauthorized disclosure of exam material will be considered a breach of the Code of Ethics and could result in disqualification of the candidate or other appropriate censure.

Code of Ethics

CRMA candidates agree to abide by the Code of Ethics established by The IIA.

Continuing Professional Education (CPE)

Upon certification, CRMAs are required to maintain their knowledge and skills and stay abreast of improvements and current developments by satisfying CPE requirements.

IIA Membership

In most cases, you do not have to be a member of The IIA to take the CRMA exam or become a CRMA, but we encourage you to consider its advantages. There are some countries, however, that do require candidates to be IIA members to take the CRMA exam. Candidates in any of the countries listed on the map located at the top right of this page should contact their local institute to verify this requirement.

IIA members receive discounts on CRMA review materials and courses and have access to the latest exam preparation resources, networking opportunities, and current CRMA news and information.Upon certification, CRMAs are required to maintain their knowledge and skills and stay abreast of improvements and current developments by satisfying CPE requirements.

Certification in Risk Management Assurance™ (CRMA®) Exam Syllabus

The CRMA exam includes two sections: Part 1 of the CIA exam and a separate CRMA exam, which consists of 100 multiple-choice questions covering four domains. The CRMA exam requires a completion time of two hours.

Standards tested on the CRMA exam:

· CIA exam Part 1 topics tested include aspects of the IPPF, responsibilities of the internal audit activity, independence and objectivity, governance concepts, risk identification and management, management controls, and audit planning.

· The CRMA exam topics tested include governance aspects and principles of risk management assurance in addition to appropriate assurance and consulting roles for internal audit professionals.

The CRMA exam core content covers four domains:

Domain I: Organizational governance related to risk management (25-30%)

A. Assess risk management processes in the context of alignment with strategic imperatives

Objectives of risk management processes

Organization's risk culture

Risk capacity, appetite, and tolerance of organization

B. Assess the processes related to the elements of the internal environment in which organizations seek to manage risks and achieve objectives

Integrity, ethical values, and other soft controls

Role, authority, responsibility, etc., for risk management

Management's philosophy and operating style

Legal/Organizational structure

Documentation of governance-related decision-making

Capabilities, in terms of people and other resources (e.g., capital, time, processes, systems, and technologies)

Management of third-party business relationships

Needs and expectations of key internal stakeholders

Internal policies

C. Assess the processes related to the elements of the external environment in which organizations seek to manage risks and achieve objectives

Key external factors (drivers and trends) that may impact the objectives of the organization

Needs and expectations of key external stakeholders (e.g., involved, interested, influenced)

Domain II: Principles of risk management processes (25-30%)

A. Benchmark risk management processes using authoritative guidance

B. Evaluate risk management processes related to:

Setting objectives at all levels to achieve strategic initiatives

Identifying risks

Risk analysis and evaluation including correlation, interdependencies, and prioritization

Risk response (e.g., avoid, transfer, mitigate, accept), including cost/benefit analysis

Developing and implementing risk mitigation plans

Monitoring risk mitigation plans and emerging risks

Reporting risk management processes and risks, including risk mitigation plans and emerging risks

Periodic review of risk management processes to aid in continuous improvement

Domain III: Assurance role of the Internal Auditor (20-25%)

A. Review the management of key risks

B. Evaluate the reporting of key risks

C. Provide assurance that risks are adequately evaluated

D. Provide assurance on risk management processes

Domain IV: Consulting role of the Internal Auditor (20-25%)

A. Facilitate identification and evaluation of risks

B. Coach management in responding to risks

C. Coordinate risk management activities

D. Consolidate reporting on risks

E. Maintain and develop the risk management framework

F. Advocate for the establishment of risk management

G. Develop risk management strategy for board approval

Exam Preparation Resources find here.

Access CCMS and visit the Complete a Form section to begin the practice test experience.

Copyright © 2024. www.iiabg.org.

S5 Box




Fields marked with an asterisk (*) are required.