
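C-業016-V1.1-Z005

The Institute of Internal Auditors-Chinese Taiwan (中華民國內部稽核協會)
Certification in Risk Management Assurance (CRMA) Examination Brochure

I. Purpose of the Examination

Holding the Certification in Risk Management Assurance (CRMA) helps an individual demonstrate the ability to:
- Provide assurance on risk management and governance for the organization's core business processes.
- Educate management and the audit committee on risk and risk management concepts.
- Provide quality assurance and control self-assessment.
- Focus on strategic organizational risks.
- Act as a trusted advisor who adds value to the organization.

II. Exam Content and Format

1. The CRMA examination consists of a single exam. The content of the new exam is divided into the following three domains (for details, see the CRMA exam syllabus in Attachment 1):

| | Old CRMA exam | New CRMA exam |
|---|---|---|
| Exam topics | I. Organizational governance related to risk management (25-30%); II. Principles of risk management processes (25-30%); III. Assurance role of the internal auditor (20-25%); IV. Consulting role of the internal auditor (20-25%) | I. Internal audit roles and responsibilities (20%); II. Risk management governance (25%); III. Risk management assurance (55%) |
| Exam time | 120 minutes | 150 minutes |
| Questions | 100 | 125 |
| Question types | Multiple choice | Varied question types: besides multiple choice, also multiple response, fill in the blank, categorizing, matching, ordering, hotspot, scenario item sets, etc. |
| Proficiency level | Basic and proficient | Proficient level required |
| Language | English | English |

Main reasons for the change:
- Keep the CRMA exam in step with the latest global practices.
- Provide more in-depth topic coverage of risk management assurance.
- Align more closely with The IIA's core certifications.
- Reduce overlap with the CIA exams.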

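2. Registration period: Candidates may register at any time of year through The IIA's Certification Candidate Management System (CCMS). (Note: an eligibility review is also required.)

3. Exam dates: Once the eligibility review has been passed, candidates can pay the exam fee by credit card in CCMS. Within the 180-day validity period shown in the system's exam registration history, candidates must book an exam date and test center with Pearson VUE and complete the exam.

4. CRMA Beta exam: The new exam syllabus is scheduled to take effect officially on October 1, 2021. A Beta exam is offered first, in May.

| Beta exam | |
|---|---|
| Applications open | April 1, 2021 |
| Application fee | Free (limited-time offer) |
| Exam fee* | Discounted price of US$90 (members and nonmembers alike) |
| Exam dates | May 1 to June 30, 2021 |
| Questions | 150 |
| Time | 180 minutes |
| Test sites | Pearson VUE test centers only |
| Results released | September 2021 |

* The reduced exam fee applies only to the first 200 candidates admitted to the Beta exam. Once the 200-candidate threshold is passed, candidates may still register, but must pay the standard fee according to their membership status.

III. Eligibility for the Exam and for Certification

| | Old CRMA exam | New CRMA exam |
|---|---|---|
| Prerequisite for applying | Pass the CIA Part 1 exam | CIA certification in active status |
| Work experience* | 2 years or more of internal audit experience | 5 years or more of internal audit and/or risk management experience |
| Certification timeline | Certification must be obtained within 2 years after the application is approved | Certification must be obtained within 2 years after the application is approved |
| Continuing education hours required after certification | 20 hours | 20 hours |

* Note: For example, a candidate with a bachelor's degree who does not yet have the work experience required for CRMA certification at the time of application may still apply for the CRMA first, but must acquire the work experience required by the CRMA rules within the two-year validity period in order to obtain the certification.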

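IV. Fees

1. There are two kinds of fee: the application fee and the exam fee.

2. Application fee:
(1) All candidates must pay the application fee when applying for the CRMA exam for the first time.
(2) Period during which the application fee need not be paid again (that is, the period for which eligibility is retained): for candidates applying for the CRMA exam for the first time, within two years counted from the date the application is approved, a candidate who fails and needs to sit the CRMA again pays only the exam fee and does not pay the application fee again.

3. Exam fee: payable every time.

| | Old CRMA exam | New CRMA exam |
|---|---|---|
| Application period | Until March 31, 2021 | From April 1, 2021 |
| Cost | Application fee: members US$115, nonmembers US$230; exam fee: members US$380, nonmembers US$495 | Application fee: members US$95, nonmembers US$210; exam fee: members US$445, nonmembers US$580 |
| Period in which the exam is offered | Candidates must book and complete the exam within the validity period | Beta exam: May 1 to June 30, 2021; no testing: July 1 to September 30, 2021; official launch: October 1, 2021 |

4. No refunds: Candidates should confirm the exam they are applying for before paying. No changes are allowed after application, and no fees are refunded.

5. Receipts can be printed from the order history in CCMS.

V. Eligibility Review

In accordance with IIA rules, candidates must pay by credit card in CCMS and upload scans of a passport that is still valid and of the original diploma, or other eligibility documents required by The IIA, and must complete the character reference verification so that the eligibility review can proceed. For the detailed procedure, see the attachments and the CCMS guidance.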

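VI. Exam Registration and Booking the Exam Date and Test Center

1. Candidates who pass the eligibility review can pay the exam fee by credit card in CCMS to complete exam registration. Within the 180-day validity period shown in the system history, candidates arrange a convenient exam date and test center themselves, either in CCMS or by telephone with the Pearson VUE customer service center ( ). Pearson VUE test centers can be booked for Monday through Friday (subject to actual Pearson VUE availability). Candidates are advised to book carefully, at least a month and a half in advance, within the validity period.

2. Taipei test center address: 12F-3, No. 163, Sec. 1, Keelung Rd., Taipei 110. Phone:
Kaohsiung test center address: 25F, No. 2, Zhongshan 2nd Rd., Qianzhen Dist., Kaohsiung 806 (恆逸 test center). Phone: #115
(Note: be sure to check that the test center address matches the address in the confirmation letter from Pearson VUE. If they differ, phone Pearson VUE to ask.)

3. Pearson VUE customer service center phone: . Any questions that arise while arranging the exam date and test center can be raised by phone. (Please do not go to the test center in person to ask.)

4. Points to note when booking with Pearson VUE:
(1) When arranging the exam with Pearson VUE through CCMS, note that The IIA currently offers the CRMA exam in English only.
(2) Candidates who fail must leave an interval of more than 60 days between exam dates.
(3) Exams cannot be cancelled: after paying the exam fee by credit card in CCMS, the candidate has a 180-day validity period in which to choose a convenient exam date. If the exam is cancelled partway, the exam fee is not refunded.
(4) Changing the exam date or test center incurs a handling fee: a candidate who has booked an exam and later finds that they cannot attend on the original date or at the original test center must, no later than two working days (48 hours) before the original exam date, log in to CCMS and pay a US$75 handling fee to Pearson VUE by credit card. The exam date or test center can then be changed, provided the new date is still within the 180-day validity period. For example, if the exam was originally scheduled for Monday, October 21, 2019 and something comes up, the exam date must be changed on or before Wednesday, October 16. Otherwise the candidate must sit the exam on the original date and may not request a change. If the candidate does not sit the exam as a result, the exam fee is not refunded. Note: "working days" follow the announcements of the Directorate-General of Personnel Administration, Executive Yuan.
(5) After completing a booking with Pearson VUE, the candidate receives a confirmation letter from Pearson VUE. Check every item in it carefully.

VII. Applying for the International Certificate

1. Passing the exam and applying for the international certificate: Candidates must meet the threshold set for the CRMA exam and have work experience that meets the requirements in order to obtain the CRMA certification.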

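2. Complete work experience verification before the validity period expires: certificate applicants should submit their work experience in CCMS well before the validity period expires and pass the verification procedure, so that the application for the international certificate can be submitted to The IIA in time. Applicants who do not pass the review within the period cannot obtain the certificate. If the uploaded qualifications have been altered, forged, or borrowed from another person, this constitutes the offense of forgery of documents. In addition to bearing criminal liability and forfeiting the fees paid, the applicant loses eligibility for the exam. If this is discovered afterward, the CRMA certificate that was awarded is revoked.

3. Certification:

(1) If the old CRMA exam (March 31, 2021 or earlier) applies to you:
Confirm that your Certified Internal Auditor (CIA) Part 1 passing score or your CIA certification is still in active status before applying for the CRMA certificate. For example, if you pass the CRMA exam in 2020 and apply for the certificate, but find that the CIA Part 1 passing score you obtained in 2016 had lapsed by 2020, you must pass the CIA Part 1 exam again before The IIA will award the CRMA certificate.
The number of years of work experience required depends on education, as follows:

| Education | Work experience | Years |
|---|---|---|
| Master's degree | Audit experience, or experience related to operational control, for example work related to risk management, quality assurance, or control self-assessment | 1 year or more |
| Bachelor's degree | (same as above) | 2 years or more |
| Associate degree | (same as above) | 5 years or more |

(2) If the new CRMA exam (April 1, 2021 or later) applies to you:
5 years or more of internal audit and/or risk management experience is required.

(3) Candidates who have completed The IIA's certification requirements download the electronic certificate from CCMS themselves. If a paper certificate is needed, pay by credit card in CCMS to complete the request for a printed certificate.
Note: once the supervisor has verified the work experience, CCMS automatically shows the approved status after 24 hours. If it still shows pending, the supervisor may not have approved it yet, or the email may have been blocked. To ask The IIA to change the email address and resend, provide the candidate's Chinese and English names and international account number, and the supervisor's English name (as on the passport) and email address, to sc17@iia.org.tw, and phone #17 to confirm.

VIII. Compliance with The IIA's Exam Non-Disclosure Agreement, General Terms, and Code of Ethics

1. Anyone sitting an IIA exam must comply with the following rules. Otherwise they will not be admitted to the exam and the fees paid will be forfeited.
- Candidates' audio and video in the test center may be recorded while they take the exam.
- The exam is confidential and protected by law. Candidates must abide by The IIA's exam non-disclosure agreement and general terms.
- For any purpose whatsoever, without prior written permission from The IIA, candidates are expressly prohibited from disclosing, publishing, publicly reproducing, or transmitting the exam content, in whole or in part, in any form or by any means, whether oral or written, electronic or mechanical.

2. Holders of the CRMA must abide by the Code of Ethics established for internal audit practitioners. In case of a violation, depending on its seriousness, the matter is referred to the Association's examination committee, which decides on disciplinary action or revocation of the certificate.

IX. Passing Standard and Validity

1. So that the difficulty of each exam form is comparable, raw CRMA exam scores are all converted to a scaled score in the range 250 to 750, to ensure that scoring meets the requirements of a normalized standard distribution. A score exceeding 600 is a pass. (A scaled score of 600 corresponds to a difficulty of roughly 75%, that is, about 75% of questions answered correctly.) The exam includes some pretest questions that are not scored and are used only for statistical trial purposes.

2. After finishing the exam, candidates receive an unofficial score report on the spot at the Pearson VUE test center. Keep it safe. The official score is published by The IIA in CCMS.

3. IIA exam papers all state that candidates must not disclose the questions, and the Association likewise may not publish questions or answers, so please do not phone to ask about them.

4. All marking and scoring is handled by The IIA. The Association cannot provide a score recheck service.

5. The Association holds its certification ceremony once a year, with recognition given at the annual conference.

6. The Association and The IIA may revoke a CRMA exam score report or CRMA certificate issued by The IIA in any of the following cases:
   1. Impersonation of another candidate.
   2. Forging or altering application or exam identification documents.
   3. Using fraud or other improper means to cause an incorrect exam result.
   4. Forged work experience discovered in a later spot check by The IIA.
   5. Violation of the relevant rules of the Association or The IIA.

X. Use of the Professional Designation

Holders of the CRMA certificate should continue to take part in professional development activities to maintain the professional competence of a CRMA. For the detailed rules, see the "Guidelines for Continuing Education for Professional Certifications" published on the Association's website. Anyone who has not continued their education, or whose continuing education hours are insufficient, must make up the hours before using the CRMA designation. Otherwise they may not use the CRMA designation.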

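For those who do not meet the continuing education rules, if an interested party inquires, the Association will state clearly that the person may not use the CRMA designation because their continuing education hours do not comply with the rules.

XI. Other Notes

1. When going to a Pearson VUE test center to sit the exam, candidates must remember to bring a passport within its validity period, or a valid national identity card, and a valid credit card on which the English name matches the spelling used when registering in CCMS.

2. If a calculator is needed during the exam, a small calculator is provided at the top left of the Pearson VUE screen, so candidates do not need to bring their own.

3. Because the number of exam seats a Pearson VUE test center accepts each day is limited, candidates are advised to book a test center with Pearson VUE as early as possible, so that they can get their preferred test center and exam date and avoid the situation where the exam is about to expire and no suitable date remains.

4. Points to note when contacting Pearson VUE, and the online practice simulation of the computer-based exam screens, are posted in the "Application and Registration" section of the "Certification Exam Center" on the Association's web page. Any new information will also be announced in that section.

5. Candidates who need to extend the 180-day exam validity period may apply to The IIA, once only. The fee is as follows:

| Extension | Fee |
|---|---|
| 60 days | US$100 |

Note: the exam must still be passed before the exam eligibility period expires. Otherwise it still counts as expired and the candidate must retake the exam.

6. Applying for an extension or deferral in special circumstances (Hardship Extension):
For candidates in certain extenuating circumstances, The IIA allows one free extension of the validity period. In this situation, the candidate must open a new incident report in CCMS, in English, describing the extenuating circumstances (for example: illness, maternity or parental leave, death of a relative, civil unrest, natural disaster, military service). After reviewing the application, The IIA notifies the candidate of the next steps. All applications must include supporting documents.
Note: the number of days of extension or deferral approved by The IIA depends on the circumstances, and The IIA reserves the right to reject an application. All uploaded supporting documents must also be accompanied by an English translation.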

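Application Flowchart for IIA Certification Exams

1. Join The Institute of Internal Auditors-Chinese Taiwan (below, "the Association") to become a full IIA member, and activate the IIA member center after obtaining an IIA international account number.

2. Log in to the Association's certification exam center to create your basic profile. Candidates log in to CCMS with the […] used when joining, and confirm and update their basic information (fill in the address in English).

3. Is this the first time you are applying for this type of IIA certification exam?
- No: candidates applying again for the same type of exam go directly to CCMS for registration (Registration).
- Yes: first-time eligibility application (Application). Go to CCMS to apply and pay the first-time application fee online by credit card, and upload the eligibility documents for review by the Association.

4. Exam registration (Registration): go to CCMS to register and pay the exam fee online by credit card. 48 hours after payment is completed, once notified by The IIA, candidates can book and arrange the exam with Pearson VUE.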

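Certification in Risk Management Assurance (CRMA) Exam Syllabus (domain weights shown in percent)

I. Internal Audit Roles and Responsibilities (20%)

1. Roles and Competencies
   A. Determine appropriate assurance and consulting services for the internal audit activity with regard to risk management.
   B. Determine the knowledge, skills, and competencies required (whether developed or procured) to provide risk management assurance and consulting services.
   C. Evaluate organizational independence of the internal audit activity and report impairments to appropriate parties.

2. Coordination
   A. Recommend establishing an organizationwide risk management strategy and processes, or contribute to the improvement of the existing strategy and processes.
   B. Coordinate risk assurance efforts and determine whether to rely on the work of other internal and external assurance providers.
   C. Assist the organization with creating or updating an organizationwide risk assurance map to ensure proper risk coverage and minimize duplication of efforts.

II. Risk Management Governance (25%)

1. Governance, Risk Management, and Control Frameworks
   A. Evaluate the organization's governance structure and the application of risk management concepts found in governance frameworks.
   B. Assess the organization's application of concepts and principles found within risk and control frameworks appropriate to the organization.
   C. Assess key elements of the organization's risk governance and risk culture (e.g., risk oversight, risk management, tone at the top, etc.) and the impact of organizational culture on the overall control environment and risk management strategy.

2. Risk Management Integration
   A. Evaluate management's commitment to risk management and analyze the integration of risk management into the organization's objectives, strategy setting, performance management, and operational management systems.
   B. Evaluate the organization's ability to identify and respond to changes and emerging risks that may affect the organization's achievement of strategy and objectives.
   C. Examine the effectiveness of integrated risk management reporting (e.g., risk, risk response, performance, and culture, etc.) to stakeholders.

III. Risk Management Assurance (55%)

1. Risk Management Approach
   A. Evaluate various approaches and processes for assessing risk (e.g., relevant measures, control self-assessment, continuous monitoring, maturity models, etc.).
   B. Select data analytics techniques (e.g., ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests, benchmarking, etc.) to support risk management and assurance processes.

2. Assurance Processes
   A. Evaluate the design and application of management's risk identification and assessment processes.
   B. Utilize a risk management framework to assess organizationwide risks from various sources (e.g., audit universe, regulatory requirements and changes, management requests, relevant market and industry trends, emerging issues, etc.).
   C. Prioritize audit engagements based on the results of the organizationwide risk assessment to establish a risk-based internal audit plan.
   D. Manage internal audit engagements to ensure audit objectives are achieved, quality is assured, and staff is developed.
   E. Evaluate the effectiveness and efficiency of risk management at all levels (e.g., process level, business unit level, and organizationwide).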

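   F. Analyze the results of multiple internal audit engagements, the work of other internal and external assurance providers, and management's risk remediation activities to support the internal audit activity's overall assessment of the organization's risk management processes.
   G. Assess risk management, project management, and change controls throughout the systems development lifecycle.
   H. Evaluate data privacy, cybersecurity, IT controls, and information security policies and practices.
   I. Evaluate risk management monitoring processes (e.g., risk register, risk database, risk mitigation plans, etc.).

3. Communication
   A. Manage the audit engagement communication and reporting process (e.g., holding the exit conference, developing the audit report, obtaining management responses, etc.) to deliver engagement results.
   B. Evaluate management responses regarding key organizational risks, and communicate to the board when management has accepted a level of risk that may exceed what the organization can bear.
   C. Formulate and deliver communications on the effectiveness of the organization's risk management processes at multiple levels and organizationwide.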

The Association sells Chinese-language reference books.

Recommended CRMA reference books:
1. COSO Enterprise Risk Management - Integrating with Strategy and Performance (Chinese edition)
2. International Professional Practices Framework (IPPF)

English-language IIA reference books can be purchased online. Members who log in with their international account number receive a discount:

CRMA exam questions are derived from the body of knowledge for risk management assurance, which includes but is not limited to the following key references:
- CRMA Exam Study Guide and Practice Questions, 2nd Edition
- The IIA's International Professional Practices Framework (IPPF)
- Applying the IPPF, by Urton Anderson and Andrew Dahle
- COSO frameworks and guidance
- ISO
- OECD Risk Management and Corporate Governance
- NIST Privacy Framework V1.0
- King IV Report on Risk Management
- IRM's Risk Appetite & Tolerance Guidance Paper
- IRM's Risk Culture: Resources for Practitioners
- Fundamentals of Risk Management, by Paul Hopkin
- Assessing and Managing Strategic Risks: What, Why, and How for Internal Auditors, by Richard J. Anderson and Mark L. Frigo
- Practical Enterprise Management: Getting to the Truth, by Larry Baker
- Managing Risk in Uncertain Times: Leveraging COSO's New ERM Framework, by Paul Sobel
- Sawyer's Internal Auditing, 7th edition, by Internal Audit Foundation
- The Internal Auditor's Guide to Risk Assessment, by Rick A Wright Jr.
- Data Analytics: A Road Map for Expanding Analytics Capabilities, by Richard Cline, Ward Melhuish, and Meredith Murphy
- Current resources on risk management assurance and relevant topics

Please note that periodically new references are added and outdated references are removed from the reference list.

Sample question types:

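CRMA Transition: Common Questions

Q: I applied for the CRMA exam on or before March 31, 2021, I hold an active CIA certification, and I have the work experience required for the new CRMA exam. Am I affected?
A: You may obtain the certification by passing the current CRMA exam before your CRMA exam validity period expires. Your CRMA exam eligibility period ends on your original expiration date or December 31, 2022, whichever comes first.

Q: I applied for the CRMA exam on or before March 31, 2021, I hold an active CIA certification, but I do not yet have the work experience required for the new CRMA exam. Am I affected?
A: You may obtain the CRMA certification by passing the current CRMA exam and having two years of work experience related to internal auditing. Your CRMA exam eligibility period ends on your original expiration date or December 31, 2022, whichever comes first.

Q: I applied for the CRMA exam on or before March 31, 2021, but I do not hold an active CIA certification. Am I affected?
A: You may obtain the CRMA certification by passing the CIA Part 1 exam and the current CRMA exam, and having two years of work experience related to internal auditing. Your CRMA exam eligibility period ends on your original expiration date or December 31, 2022, whichever comes first.

Q: I apply for the CRMA exam on or after April 1, 2021, I hold an active CIA certification, and I meet the new CRMA work experience requirement. Am I affected?
A: You must pass the new CRMA exam and have the work experience required for the new CRMA exam in order to obtain the CRMA certification. Your CRMA exam eligibility period is valid for 2 years from the date your application is approved.

Q: I apply for the CRMA exam on or after April 1, 2021, I hold an active CIA certification, but I do not meet the new CRMA work experience requirement. Am I affected?
A: You may obtain the CRMA certification by passing the new CRMA exam and, before the validity period expires, having the work experience required for the new CRMA (five years of internal audit and/or risk management experience). Your CRMA exam eligibility period is valid for 2 years from the date your application is approved.

Q: I want to apply for the CRMA exam on or after April 1, 2021, and I meet the new CRMA work experience requirement. I previously obtained the CIA certification, but it is inactive. Am I affected?
A: An active CIA certification is required to apply for the CRMA exam. You can first become eligible to apply for the CRMA by reinstating your CIA certification, and then pass the new CRMA exam before the validity period expires. Your CRMA exam eligibility period is valid for 2 years from the date your application is approved.

Q: I want to apply for the CRMA exam on or after April 1, 2021, but I do not hold an active CIA certification. Am I affected?
A: Unfortunately, you will not be eligible to apply for the CRMA exam. From April 1, 2021, candidates must hold an active CIA certification to apply for the new CRMA exam.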

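Frequently Asked Questions (FAQs)

1) What is the effective date of the revised CRMA program?
The effective date of the revised CRMA program is April 1, 2021. Before the effective date, the old CRMA exam rules remain in force. Candidates who apply for the CRMA on or before March 31, 2021 sit the old exam. Candidates who apply on or after April 1, 2021 must meet the new requirements and pass the new CRMA exam to obtain the certification.

2) What is the price of the new CRMA program?

| | IIA members | Nonmembers |
|---|---|---|
| Application fee | US$95 (previously US$115) | US$210 (previously US$230) |
| Exam fee | US$445 | US$580 |

3) If I apply for the CRMA program before March 31, 2021, when does my program expire?
If you apply for the CRMA program before March 31, 2021, your CRMA exam eligibility period ends on your original expiration date or December 31, 2022, whichever comes first.

4) If I apply for the CRMA exam on or after April 1, 2021, when does my program expire?
If you apply for the CRMA program on or after April 1, 2021, your program validity period expires two years after your CRMA application is approved.

5) What qualifications does the revised CRMA exam program require?
Candidates must hold an active CIA designation before applying for the new CRMA program. Candidates with less than five years of work experience may still apply for the CRMA program. However, to obtain the CRMA certification, they must have the work experience required for the new CRMA before the program validity period expires.

6) Will a CIA Challenge Exam be offered to active CRMA holders who do not currently hold the CIA designation?
Those who hold an active CRMA certification by June 30, 2021 are eligible to take the CIA Challenge Exam. Applications for the CIA Challenge Exam opened on July 1, 2020, and the deadline for completing the CIA Challenge Exam is June 30, 2021.

7) Is the CRMA certification I obtained earlier still valid?
As long as the CRMA holder reports 20 hours of continuing professional education (CPE) every year, the previously awarded CRMA designation remains valid.
For more information, see the following URL: aspx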

March 2021

Contents

1. Revised CRMA: A Core Certification for Internal Auditing
   Why Is the CRMA Program Changing?
   How Is the CRMA Program Changing?
CRMA Exam Syllabus Changes
   Purpose of the Exam
   CRMA Revised Exam Syllabus
   CRMA Reference List
   Passing Score
New Types of Exam Questions
   Multiple Choice
   Multiple Response
   Fill in the Blank
   Categorizing
   Matching
   Ordering
   Hotspot
   Scenario Item Set
Transition From Current to Revised CRMA Exam
   CRMA Beta Test
   Timeline for Transitioning the CRMA Exam
   How Will the CRMA Transition Affect You?
Frequently Asked Questions (FAQs)

CRMA Program Updated
New Exam, Renewed Focus

Congratulations! Your desire to pursue the Certification in Risk Management Assurance (CRMA) designation demonstrates your commitment not only to the internal audit profession, but also to your continued professional growth and development.

The CRMA is the only risk management assurance certification for internal auditors. Since the CRMA was introduced in 2011, nearly 17,000 professionals around the world have earned the designation, demonstrating their ability to focus on strategic risks, ensure and enhance value to their organization through risk assurance on core business processes, and educate management and the audit committee on risk and risk management concepts.

As the risk landscape has changed dramatically over the last decade, The IIA recognized the need for the CRMA program to evolve and keep pace with these changes. Doing so required a thorough evaluation of the CRMA program requirements and exam content to ensure they reflect the skills needed to audit today's emerging risks, as well as consider the organizational view required for effective risk management assurance. The IIA conducted a global market study followed by a job analysis study. The results of these studies confirmed the need to make revisions to both program requirements and the CRMA exam itself.

This handbook was created to help you understand how and why the CRMA program is changing. Throughout these pages, you'll learn more about new program requirements and the updated exam, specifically, what's changing and when any changes might impact you. We are excited to share these updates with you, and we are confident that you will appreciate the program enhancements.

We would be remiss if we did not take a moment to offer special thanks to our global Exam Development Committee for their work to help bring the CRMA program to the next level. The efforts of our distinguished volunteers and the thousands of people who responded to the global survey have enabled The IIA to support and enhance the CRMA as a core certification for the internal audit profession.

All the very best,

Charlie Johnson, CIA, CRMA, QIAL, CGAP, CFSA
Chairman, Professional Certifications Board
The Institute of Internal Auditors

1. Revised CRMA: A Core Certification for Internal Auditing

1.1. Why Is the CRMA Program Changing?

When the CRMA designation was initially introduced a decade ago, it was considered a specialty credential for select internal auditors who had a particular interest or desire to focus on risk management. However, the internal audit profession has evolved, and today's internal audit leaders are expected to have a deeper understanding of their organization's risks and approach to risk management. Indeed, the ability to provide risk management assurance has become a core responsibility for internal auditing.

What Is an Exam Syllabus?
An exam syllabus is an outline that summarizes the topic areas covered on the exam. The revised CRMA exam syllabus can be found on pages 4-5. The syllabus serves as a guide to help candidates identify the knowledge, skills, and abilities they must possess to demonstrate their internal audit proficiency and earn the CRMA designation.

To keep pace with the evolution of the profession and ensure that the CRMA exam content remains current and valid, The IIA conducted both a global market study and a job analysis study, designed to collect input regarding the knowledge, skills, and abilities most relevant to today's internal auditors who provide assurance on risk management.

The IIA's Global Exam Development team and Exam Development Committee, with oversight provided by the Professional Certifications Board, led a comprehensive review of the current CRMA exam syllabus and developed proposed revisions. An external psychometrician was contracted to ensure independence of the CRMA job analysis study, which targeted exam candidates, certification holders, academics, experienced internal audit professionals, and other stakeholders. The job analysis survey was available globally and garnered more than 2,300 responses.

The study results confirmed that more business experience and a deeper level of risk management knowledge are required for professionals to provide holistic and effective risk management assurance. As such, revisions are being made to both the CRMA program requirements and the exam itself. The revised CRMA is positioned as a career pathway for internal auditors after they have achieved the Certified Internal Auditor (CIA) designation.

1.2. How Is the CRMA Program Changing?

CRMA program requirements are being adjusted to reflect the need for risk management assurance providers to possess more robust business experience and a mastery of internal audit concepts already assessed by The IIA's flagship certification, the Certified Internal Auditor. To apply for the revised CRMA program, candidates must now hold an active CIA designation. More years of work experience are also needed to obtain the CRMA.

| PROGRAM REQUIREMENTS | Current CRMA | Revised CRMA |
|---|---|---|
| PREREQUISITE | Pass CIA Part 1 exam | Active CIA designation |
| CRMA EXAM | Pass CRMA exam | Pass CRMA exam |
| WORK EXPERIENCE* | 2 years of internal audit experience | 5 years of internal audit and/or risk management experience |
| ANNUAL CPE | 20 hours | 20 hours |

*Work experience is an exit requirement for the CRMA program. Candidates with less experience may apply for the CRMA program and sit for the exam. However, to obtain the designation, the experience requirement must be met before the two-year program window expires.

The CRMA exam itself is also changing, with updates that include changes to the exam syllabus, length of the exam, and types of questions featured on the exam.

| EXAM | Current CRMA | Revised CRMA |
|---|---|---|
| EXAM TOPICS | I. Organizational governance related to risk management (25-30%); II. Principles of risk management processes (25-30%); III. Assurance role of the internal auditor (20-25%); IV. Consulting role of the internal auditor (20-25%) | I. Internal audit roles and responsibilities (20%); II. Risk management governance (25%); III. Risk management assurance (55%) |
| SEAT TIME | 120 minutes | 150 minutes |
| LENGTH | 100 questions | 125 questions |
| QUESTION TYPES | Multiple choice only | Variety of question types |
| LANGUAGE | English | English |

These changes are intended to:
- Bring the CRMA exam up to date with current global practices.
- Provide more in-depth coverage of risk management assurance topics.
- Achieve greater alignment among The IIA's core certifications.
- Minimize overlap with the CIA exams.

The complete revised CRMA syllabus and additional details about various new question types can be found in the following sections of this handbook.

2. CRMA Exam Syllabus Changes

2.1. Purpose of the Exam

The CRMA exam is designed to test candidates' ability to:
- Provide assurance on core business processes in risk management and governance.
- Educate management and the audit committee on risk and risk management concepts.
- Offer quality assurance and control self-assessment.
- Focus on strategic organizational risks.
- Add value to their organization as a trusted advisor.

The revised syllabus sets out to achieve this purpose by ensuring that all concepts are assessed at a proficient cognitive level. In other words, the exam does not require candidates to simply memorize or demonstrate basic comprehension of concepts. Instead, it is designed to test candidates' application of concepts and their ability to analyze and evaluate data, make sound judgments, and formulate conclusions and recommendations.

2.2. CRMA Revised Exam Syllabus

2021 CRMA Syllabus (weight shown per domain)

I. Internal Audit Roles and Responsibilities (20%)

1. Roles and Competencies
   A. Determine appropriate assurance and consulting services for the internal audit activity with regard to risk management.
   B. Determine the knowledge, skills, and competencies required (whether developed or procured) to provide risk management assurance and consulting services.
   C. Evaluate organizational independence of the internal audit activity and report impairments to appropriate parties.

2. Coordination
   A. Recommend establishing an organizationwide risk management strategy and processes, or contribute to the improvement of the existing strategy and processes.
   B. Coordinate risk assurance efforts and determine whether to rely on the work of other internal and external assurance providers.
   C. Assist the organization with creating or updating an organizationwide risk assurance map to ensure proper risk coverage and minimize duplication of efforts.

II. Risk Management Governance (25%)

1. Governance, Risk Management, and Control Frameworks
   A. Evaluate the organization's governance structure and application of risk management concepts found in governance frameworks.
   B. Assess the organization's application of concepts and principles found within risk and control frameworks appropriate to the organization.
   C. Assess key elements of the organization's risk governance and risk culture (e.g., risk oversight, risk management, tone at the top, etc.) and the impact of organizational culture on the overall control environment and risk management strategy.

2. Risk Management Integration
   A. Evaluate management's commitment to risk management and analyze the integration of risk management into the organization's objectives, strategy setting, performance management, and operational management systems.
   B. Evaluate the organization's ability to identify and respond to changes and emerging risks that may affect the organization's achievement of strategy and objectives.
   C. Examine the effectiveness of integrated risk management reporting (e.g., risk, risk response, performance, and culture, etc.) to key stakeholders.

III. Risk Management Assurance (55%)

1. Risk Management Approach
   A. Evaluate various approaches and processes for assessing risk (e.g., relevant measures, control self-assessment, continuous monitoring, maturity models, etc.).
   B. Select data analytics techniques (e.g., ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests, benchmarking, etc.) to support risk management and assurance processes.

2. Assurance Processes
   A. Evaluate the design and application of management's risk identification and assessment processes.
   B. Utilize a risk management framework to assess organizationwide risks from various sources (e.g., audit universe, regulatory requirements and changes, management requests, relevant market and industry trends, emerging issues, etc.).
   C. Prioritize audit engagements based on the results of the organizationwide risk assessment to establish a risk-based internal audit plan.
   D. Manage internal audit engagements to ensure audit objectives are achieved, quality is assured, and staff is developed.
   E. Evaluate the effectiveness and efficiency of risk management at all levels (i.e., process level, business unit level, and organizationwide).
   F. Analyze the results of multiple internal audit engagements, the work of other internal and external assurance providers, and management's risk remediation activities to support the internal audit activity's overall assessment of the organization's risk management processes.
   G. Assess risk management, project management, and change controls throughout the systems development lifecycle.
   H. Evaluate data privacy, cybersecurity, IT controls, and information security policies and practices.
   I. Evaluate risk management monitoring processes (e.g., risk register, risk database, risk mitigation plans, etc.).

3. Communication
   A. Manage the audit engagement communication and reporting process (e.g., holding the exit conference, developing the audit report, obtaining management responses, etc.) to deliver engagement results.
   B. Evaluate management responses regarding key organizational risks, and communicate to the board when management has accepted a level of risk that may be unacceptable to the organization.
   C. Formulate and deliver communications on the effectiveness of the organization's risk management processes at multiple levels and organizationwide.

2.3. CRMA Reference List

CRMA exam questions are derived from the body of knowledge for risk management assurance, which includes but is not limited to the following key references:
- The IIA's International Professional Practices Framework (IPPF)
- Applying the IPPF, by Urton Anderson and Andrew Dahle
- COSO frameworks and guidance
- ISO
- OECD Risk Management and Corporate Governance
- NIST Privacy Framework V1.0
- King IV Report on Risk Management
- IRM's Risk Appetite & Tolerance Guidance Paper
- IRM's Risk Culture: Resources for Practitioners
- Fundamentals of Risk Management, by Paul Hopkin
- Assessing and Managing Strategic Risks: What, Why, and How for Internal Auditors, by Richard J. Anderson and Mark L. Frigo
- Practical Enterprise Management: Getting to the Truth, by Larry Baker
- Managing Risk in Uncertain Times: Leveraging COSO's New ERM Framework, by Paul Sobel
- Sawyer's Internal Auditing, 7th edition, by Internal Audit Foundation
- The Internal Auditor's Guide to Risk Assessment, by Rick A Wright Jr.
- Data Analytics: A Road Map for Expanding Analytics Capabilities, by Richard Cline, Ward Melhuish, and Meredith Murphy
- Current resources on risk management assurance and relevant topics

Please note that periodically new references are added and outdated references are removed from the reference list.

2.4. Passing Score

The IIA will conduct a standard-setting study based on the revised CRMA syllabus. The IIA's Professional Certifications Board will use the result to determine the passing score of the exam. A candidate's raw score (the number of questions answered correctly) will be converted into a scaled score ranging from 250 to 750 points. A scaled score of 600 or higher is required to pass the CRMA exam.

3. New Types of Exam Questions

The original CRMA exam was composed entirely of Multiple Choice questions, each with four possible response options. The revised CRMA exam may include up to eight different question types:
- Multiple choice.
- Multiple response.
- Fill in the blank.
- Categorizing.
- Matching.
- Ordering.
- Hot spot.
- Scenario item set.

Samples of each question type are included below. For an interactive demonstration of these potential question types, visit The IIA's website.

3.1. Multiple Choice

Multiple Choice questions on the revised CRMA exam have three to six response options. Candidates select the best single answer from among the response options. (Note that the shape next to each response option is a circle, signaling that only one option can be selected.)

Fig. 1 Sample Multiple Choice Question

3.2. Multiple Response

Multiple Response items include a question with three to six response options, and candidates are instructed to "Select all that apply." To answer the question correctly, candidates must select every correct option, and incorrect options cannot be selected. No partial credit is awarded. (Note that the shape next to each response option is a square, signaling that more than one option can be selected.)

Fig. 2 Sample Multiple Response Question

3.3. Fill in the Blank

Fill in the Blank items include one or more sentences with missing information. Candidates fill in the blanks by selecting the correct answers from the available drop-down menus. To answer the question correctly, candidates must complete all blanks accurately. No partial credit is awarded.

Fig. 3 Sample Fill in the Blank Question

3.4. Categorizing

Categorizing questions include a list of items that can be grouped into two or more categories. Candidates select the correct category from each drop-down menu. To answer the question correctly, candidates must complete all components accurately. No partial credit is awarded.

Fig. 4 Sample Categorizing Question

3.5. Matching

Matching questions include two lists of items that must be paired, or matched. Candidates match the items by selecting the correct letter from each drop-down menu. To answer the question correctly, candidates must match all components accurately. No partial credit is awarded.

Fig. 5 Sample Matching Question

3.6. Ordering

Ordering questions include a list of items that must be placed in the proper sequence. To put the items in order, candidates select the correct number from each drop-down menu. Each number is used only once. To answer the question correctly, candidates must answer all components accurately. No partial credit is awarded.

Fig. 6 Sample Ordering Question

3.7. Hotspot

Hotspot items require candidates to identify a particular area of an image. To answer the question correctly, candidates use their mouse to navigate to the correct area of the image and click to drop a crosshair marker on the image. (The candidate can move the marker to a different area simply by clicking again on another area of the image.)

Fig. 7 Sample Hotspot Question (figure label: crosshair marker)

3.8. Scenario Item Set

The final question type is the Scenario Item Set, which includes a brief vignette, or scenario (approximately three paragraphs), accompanied by three or four related Multiple Choice questions. Each question is scored separately. Candidates may click and drag the vertical line that separates both sides of the screen to adjust the width of each side.

Fig. 8 Sample Scenario Item Set

4. Transition From Current to Revised CRMA Exam

4.1. CRMA Beta Test

Although the official launch of the revised CRMA is October 1, 2021, candidates will have an opportunity to sit for a Beta version of the new exam as early as May 2021.

| Beta Test | |
|---|---|
| APPLY FOR BETA | Beginning April 1, 2021 |
| APPLICATION FEE | Waived |
| REGISTRATION FEE | Discounted to US $90* (IIA members and nonmembers) |
| EXAM DATES | May 1, 2021 to June 30, 2021 |
| QUESTIONS | 150 questions |
| LENGTH | 180 minutes |
| DELIVERY | Pearson VUE test centers |
| EXAM RESULTS | Available September 2021 |

*The discounted registration fee is limited to the first 200 candidates who register for the Beta test.

If you meet eligibility requirements for the revised CRMA, and you are interested in participating in the CRMA Beta test, please visit the Certification Candidate Management System (CCMS) to apply and register.

4.2. Timeline for Transitioning the CRMA Exam

| | Current CRMA | Revised CRMA |
|---|---|---|
| APPLICATION | By March 31, 2021 | Beginning April 1, 2021 |
| COST | Program Application: US $115 (IIA member) / US $230 (nonmember); Exam Registration: US $380 (IIA member) / US $495 (nonmember) | Program Application: US $95 (IIA member) / US $210 (nonmember); Exam Registration: US $445 (IIA member) / US $580 (nonmember) |
| AVAILABILITY | Candidates must schedule and sit for their exam prior to their program expiration date. | Beta Test: May 1, 2021 to June 30, 2021; No Testing: July 1, 2021 to September 30, 2021; Official Launch: October 1, 2021 |

4.3. How Will the CRMA Transition Affect You?

If you are pursuing the CRMA or considering applying to the program, please review the following scenarios to learn how the CRMA program changes may affect you.

QUESTION: I apply into the CRMA program before March 31, I hold an active CIA designation, and I meet the new CRMA experience requirement. How am I affected?
ANSWER: You may obtain your CRMA designation by passing the current CRMA exam before your program expires. Your CRMA program expires the earlier of the current CRMA program expiration date or December 31,

QUESTION: I apply into the CRMA program before March 31, I hold an active CIA designation, but I do not meet the new CRMA experience requirement. How am I affected?
ANSWER: You may obtain your CRMA designation by passing the current CRMA exam, and possessing two years of related internal audit experience before your program expires. Your CRMA program expires the earlier of the current CRMA program expiration date or December 31,

QUESTION: I apply into the CRMA program before March 31, 2021, but I do not hold an active CIA designation. How am I affected?
ANSWER: You may obtain your CRMA designation by passing the CIA Part 1 exam, passing the current CRMA exam, and possessing two years of related internal audit experience before your program expires. Your CRMA program expires the earlier of the current CRMA program expiration date or December 31,

QUESTION: I apply into the CRMA program after April 1, I hold an active CIA designation, and I meet the new CRMA experience requirement. How am I affected?
ANSWER: You may obtain your CRMA designation by passing the new CRMA exam before your program expires. Your CRMA program window expires two years after your CRMA application is approved.

QUESTION: I apply into the CRMA program after April 1, I hold an active CIA designation, but I do not meet the new CRMA experience requirement. How am I affected?
ANSWER: You may obtain your CRMA designation by passing the new CRMA exam and meeting the new CRMA experience requirement (five years of internal audit and/or risk management experience) before your program expires. Your CRMA program window expires two years after your CRMA application is approved.

QUESTION: I want to apply for the CRMA program after April 1, I meet the new CRMA experience requirement. I previously earned the CIA, but my CIA designation is inactive due to a lack of CPE reporting. How am I affected?
ANSWER: An active CIA is required to apply into the CRMA program. You may obtain your CRMA designation by first reinstating your CIA, then applying into the CRMA program, then passing the new CRMA exam before your program expires. Your CRMA program window expires two years after your CRMA application is approved.

QUESTION: I want to apply for the CRMA program after April 1, 2021, but I do not hold a CIA designation. How am I affected?
ANSWER: Unfortunately, you will not be eligible to apply into the CRMA program. Beginning April 1, 2021, candidates must hold an active CIA designation in order to enter the new CRMA program.

Frequently Asked Questions (FAQs)

1) What is the effective date of the revised CRMA program?
April 1, 2021 is the effective date of the revised CRMA program. Prior to the effective date, the current CRMA requirements are in effect. Candidates who apply for the CRMA on or before March 31, 2021 will sit for the current exam. Candidates who submit applications on or after April 1, 2021 must meet the revised requirements and pass the revised exam to earn the CRMA.

2) What is the price of the revised CRMA program?
PROGRAM APPLICATION: IIA members US $95 (reduced from US $115); nonmembers US $210 (reduced from $230)
EXAM REGISTRATION: IIA members US $445; nonmembers US $580

3) If I apply into the CRMA program before March 31, 2021, what is my program expiration date?
If you apply into the CRMA program before March 31, 2021, your program window expires on the current CRMA program expiration date or December 31, 2022, whichever occurs first.

4) If I apply into the CRMA program on or after April 1, 2021, what is my program expiration date?
If you apply into the CRMA program on or after April 1, 2021, your program window expires two years after your CRMA application is approved.

5) What are the eligibility requirements for the revised CRMA program?
Candidates must hold an active CIA designation prior to applying for the revised CRMA program. Candidates who have less than five years of experience may still apply for the program. However, to earn the CRMA, they must obtain the requisite experience before their program window expires.

6) Will a CIA challenge exam be offered to active CRMA holders who don't currently hold a CIA designation?
Individuals with an active CRMA designation earned by June 30, 2021 are eligible to take a CIA Challenge Exam. Application for this CIA Challenge Exam opened July 1, The deadline for completing the CIA Challenge Exam is June 30,

7) Will my previously awarded CRMA remain valid?
Previously awarded CRMA designations will remain valid, provided the CRMA holder reports 20 hours of continuing professional education (CPE) annually. For more information, visit:

The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Lake Mary, Florida, USA. With more than 200,000 members, The IIA is the internal audit profession's global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. There are more than 200,000 IIA certified individuals worldwide. In addition to global certification programs, IIA members enjoy benefits such as access to local, national, and global professional networking; world-class training; standards and guidance; research; executive development; career opportunities; and resources such as IIA Quality Services, LLC.

Global Headquarters
1035 Greenwood Blvd., Suite 401
Lake Mary, Florida USA
T E CustomerRelations@theiia.org W

