• Регистрация
Български (България)English (United Kingdom)
CRMA PDF Print E-mail


The CRMA is designed for internal auditors and risk management professionals with responsibility for and experience in providing risk assurance, governance processes, quality assurance, or control self-assessment (CSA). It demonstrates an individual’s ability to evaluate the dynamic components that comprise an organization’s governance and enterprise risk management program and provide advice and assurance around these issues.

The CRMA is one more mark of professional distinction for internal audit practitioners. Earning the CRMA will assist you in demonstrating your ability to:

· Provide assurance on core business processes in risk management and governance.

· Educate management and the audit committee on risk and risk management concepts.

· Focus on strategic organizational risks.

· Add value for your organization.

The CRMA exam is available through computer-based testing, allowing you to test year-round at more than 500 locations worldwide. In Bulgaria there are two examination centers:

· IT Consulting & Education, 115 G, Tsarigradsko shose blvd., Business Center Magapark, fl.1, office 6, 1784 Sofia;

· SAN PRO LTD, 14, Hristo Samsarov Str., Parter, 9000 Varna.

Access CCMS and visit the Forms sections to begin the CRMA application proccess.


CRMA candidates must meet the following eligibility requirements for education, character, work experience, facilitation experience/training, and identification. Before a candidate application can be approved, ALL documentation (proof of education, character reference, and identification) must be received and approved by The IIA’s Certification staff.

CIA Part 1

The candidate must have successfully completed the requirements and passed Part 1 of the CIA exam. This can be done before, during, or after completion of the CRMA exam, but must be completed before the certification is granted.


The candidate must have a post-secondary (four-year) degree or higher from an accredited college or university, or a minimum two years of post-secondary education with an accredited organization, plus three years of general business experience.

Acceptable Documents: Copy of your diploma.

Character Reference

CRMA candidates must exhibit high moral and professional character and must submit a Character Reference Form signed by a CIA, CGAP, CCSA, CFSA, CRMA, or the candidate's supervisor.

Acceptable Documents: Character Reference Form

Work Experience

CRMA candidates must obtain 24 months of auditing experience or controls-related business experience such as risk management, quality assurance, or CSA. A completed Experience Verification Form is required. Candidates may apply to the program and sit for the exam prior to satisfying the professional experience requirement, but will not be certified until all program requirements have been met.

Acceptable Documents: Professional Experience Verification Form

Proof of Identification

Candidates must provide proof of identification in the form of a copy of the candidate’s official passport or national identity card. These must indicate current status; expired documents will not be accepted.

Eligibility Period

Effective November 2010, the certification program’s eligibility requires candidates to complete the program certification process within four years of application approval. If a candidate has not completed the certification process within four years, all fees and exam parts will be forfeited.


The CRMA exam is a non-disclosed examination. Candidates in the program agree to keep the contents of the CRMA exam confidential and therefore may not discuss the specific exam content with anyone except The IIA's Certification Department. Unauthorized disclosure of exam material will be considered a breach of the Code of Ethics and could result in disqualification of the candidate or other appropriate censure.

Code of Ethics

CRMA candidates agree to abide by the Code of Ethics established by The IIA.

Continuing Professional Education (CPE)

Upon certification, CRMAs are required to maintain their knowledge and skills and stay abreast of improvements and current developments by satisfying CPE requirements.

Certification in Risk Management Assurance™ (CRMA®) Exam Syllabus

The CRMA exam includes two sections: Part 1 of the CIA exam and a separate CRMA exam, which consists of 100 multiple-choice questions covering four domains. The CRMA exam requires a completion time of two hours.

Standards tested on the CRMA exam:

· CIA exam Part 1 topics tested include aspects of the IPPF, responsibilities of the internal audit activity, independence and objectivity, governance concepts, risk identification and management, management controls, and audit planning.

· The CRMA exam topics tested include governance aspects and principles of risk management assurance in addition to appropriate assurance and consulting roles for internal audit professionals.

The CRMA exam core content covers four domains:

Domain I: Organizational governance related to risk management (25-30%)

A. Assess risk management processes in the context of alignment with strategic imperatives

Objectives of risk management processes

Organization's risk culture

Risk capacity, appetite, and tolerance of organization

B. Assess the processes related to the elements of the internal environment in which organizations seek to manage risks and achieve objectives

Integrity, ethical values, and other soft controls

Role, authority, responsibility, etc., for risk management

Management's philosophy and operating style

Legal/Organizational structure

Documentation of governance-related decision-making

Capabilities, in terms of people and other resources (e.g., capital, time, processes, systems, and technologies)

Management of third party business relationships

Needs and expectations of key internal stakeholders

Internal policies

C. Assess the processes related to the elements of the external environment in which organizations seek to manage risks and achieve objectives

Key external factors (drivers and trends) that may impact the objectives of the organization

Needs and expectations of key external stakeholders (e.g., involved, interested, influenced)

Domain II: Principles of risk management processes (25-30%)

A. Benchmark risk management processes using authoritative guidance

B. Evaluate risk management processes related to:

Setting objectives at all levels to achieve strategic initiatives

Identifying risks

Risk analysis and evaluation including correlation, interdependencies, and prioritization

Risk response (e.g., avoid, transfer, mitigate, accept), including cost/benefit analysis

Developing and implementing risk mitigation plans

Monitoring risk mitigation plans and emerging risks

Reporting risk management processes and risks, including risk mitigation plans and emerging risks

Periodic review of risk management processes to aid in continuous improvement

Domain III: Assurance role of the Internal Auditor (20-25%)

A. Review the management of key risks

B. Evaluate the reporting of key risks

C. Provide assurance that risks are adequately evaluated

D. Provide assurance on risk management processes

Domain IV: Consulting role of the Internal Auditor (20-25%)

A. Facilitate identification and evaluation of risks

B. Coach management in responding to risks

C. Coordinate risk management activities

D. Consolidate reporting on risks

E. Maintain and develop the risk management framework

F. Advocate for the establishment of risk management

G. Develop risk management strategy for board approval

Copyright © 2020. www.iiabg.org.

S5 Box




Fields marked with an asterisk (*) are required.