How many questions on CRISC?

150 multiple-choice in 240 minutes (4 hours).

450 on ISACA's 200-800 scaled score.

Most specialized ISACA cert, focused exclusively on IT risk management.

3 years across at least 2 domains, with 1+ year in Domain 1 or 2.

CRISC vs CISA vs CISM?

CRISC = risk management. CISA = auditing. CISM = security management.

$140,000-$155,000 average, senior roles $170,000+.

Yes. 20 CPE/year, $45-$85 annual fee.

How Many Questions Are on the CRISC Exam? Complete 2026 Guide

The ISACA CRISC exam contains 150 multiple-choice questions with a 240-minute (4-hour) time limit and a passing score of 450/800. CRISC is the only globally recognized certification focused exclusively on IT risk management.

CRISC holders earn $140,000-$155,000 annually. The certification is critical as organizations face cybersecurity threats, regulatory requirements, and digital transformation risks.

150

Questions

240 min

Time Limit

450/800

Passing Score

$575-$760

Exam Cost

Domain Breakdown

Domain	%	~Questions	Topics
Governance	26%	~39	IT risk governance, organizational structure, risk culture
IT Risk Assessment	20%	~30	Risk identification, threat analysis, impact analysis
Risk Response and Reporting	32%	~48	Response options, control design, KRIs, reporting
IT and Security	22%	~33	Architecture, security frameworks, control monitoring

Highest-Impact: Risk Response (32%) + Governance (26%) = 58% of the exam.

Risk Management Perspective

Risk-based decisions: Consider risk appetite, business impact, cost-benefit
Governance alignment: Risk activities must align with organizational objectives
Quantitative vs. qualitative: Know when to use each assessment approach
Control effectiveness: Evaluate controls against acceptable risk levels

CRISC vs. Other ISACA Certs

Factor	CRISC	CISA	CISM
Focus	IT risk	IS audit	Security mgmt
Experience	3 years	5 years	5 years
Avg Salary	$140K-$155K	$134K-$149K	$148K-$162K
Best For	Risk managers, GRC	IT auditors	CISOs

Study Preparation

ISACA QAE Database — complete twice
CRISC Review Manual — risk frameworks (COBIT, ISO 31000, NIST RMF)
Risk scenario practice — threat, vulnerability, asset, impact components
3-4 full-length timed practice exams

Frequently Asked Questions

Questions?

150 MC in 240 minutes.

Passing score?

450/800 scaled.

How hard?

Most specialized ISACA cert.

Experience?

3 years across 2+ domains.

vs CISA/CISM?

CRISC=risk, CISA=audit, CISM=security mgmt.

Study time?

8-12 weeks at 2-3 hrs daily.

Salary?

$140K-$155K average.

Expires?

Yes. 20 CPE/year, maintenance fee.

Practice CRISC Questions

Build IT risk management skills with practice questions.

Start Free Practice Test →