Certification in Risk Management Assurance

The Institute of Internal Auditors is pleased to announce the development of the Certification in Risk Management Assurance™ (CRMA™).

The CRMA is one more mark of professional distinction for internal audit practitioners. Earning the CRMA will assist you in demonstrating your ability to:

  • Provide assurance on core business processes in risk management and governance.
  • Educate management and the audit committee on risk and risk management concepts.
  • Focus on strategic organizational risks.
  • Add value for your organization.
Eligibility Requirements

CRMA candidates must meet the following eligibility requirements:


CIA Part 1: The candidate must have successfully completed the requirements and passed Part 1 of the CIA exam. This can be done before, during, or after completion of the CRMA exam, but must be completed before the certification is appointed. Review the requirements for the CIA exam Part 1.


Education : CRMA candidate must have a post-secondary (four-year) degree or higher from an accredited college or university, or a minimum two years of post-secondary education with an accredited organization, plus three years of general business experience.


Character Reference: CRMA candidates must exhibit high moral and professional character and must submit a Character Reference Form signed by a CIA, CCSA, CFSA, CRMA, or the candidate’s supervisor.


Work Experience: CRMA candidates must obtain 24 months of auditing experience or controls-related business experience such as risk management, quality assurance, or CSA. A completed Experience Verification Form is required. Candidates may apply to the program and sit for the exam prior to satisfying the professional experience requirement, but will not be certified until all program requirements have been met.


Ethics: CRMA candidates agree to abide by the Code of Ethics established by The IIA. The code of Ethics is available on The IIA’s Website or by contacting IIA Malaysia’s Secretariat.


Continuing Professional Education (CPE): Upon certification, CRMAs are required to maintain their knowledge and skills and stay abreast of improvements and current developments by satisfying CPE requirements.


IIA Membership: Candidates must be individual member of The Institute of Internal Auditors Malaysia and must agree to abide by The IIA’s Code of Ethics, and CRMAs practicing as internal auditors must comply with The IIA’s  Standards for the Professional Practice of Internal Auditing.

Registration & Application

Initial Registration and Application

Candidates must complete and sign the Application Form, Character Reference Form and Experience Verification Form* and submit them with the following:

  • A registration fee in cheque/bank draft payable to The Institute of Internal Auditors Malaysia. Payment by credit card can be made by completing the Payment Form.
  • A copy of candidate’s highest qualification, transcripts, or other written proof of completion of degree programme.
  • The CSA Facilitation Validation Form (only for CCSA candidates)

*may be submitted later when criteria have been met. 


IIA Malaysia cannot guarantee a candidate’s right to sit for the examination if the above procedures are not followed. The registration fee will be refunded to candidates who are denied entrance into the programmes.

Examination Fees
Type of FeeAmount
*Registration FeeRM 1200
**Examination FeeUSD 380
*Registration Fee includes Processing, Graduation and 6% GST.
** Examination fee are to be paid directly to IIA Global via CCMS
  • Fees are subject to change and is subject to GST.
  • All fees must be prepaid before application and registration can be processed.
  • Fees paid are not refundable, unless an application is rejected.
  • Fees may vary in certain countries where the examination is administered under the direction of an IIA affiliate.
  • Grades will be withheld pending payment of any outstanding fees.
Examination Content & Format

Certification in Risk Management Assurance™ (CRMA®) Exam Syllabus

The CRMA exam includes two sections: Part 1 of the CIA  exam and a separate CRMA exam, which consists of 100 multiple-choice questions covering four domains. The CRMA exam requires a completion time of two hours.


Candidates who have already passed Part 1 of the CIA exam may advance directly to the CRMA core exam, having fulfilled that eligibility requirement.


All content covered in the four domains of the CRMA exam will be tested at the proficiency level (P). This means that candidates must exhibit proficiency (thorough understanding and the ability to apply concepts) in these topic areas.


Standards tested on the CRMA exam:

  • CIA exam Part 1 topics tested include aspects of the IPPF, responsibilities of the internal audit activity, independence and objectivity, governance concepts, risk identification and management, management controls, and audit planning.
  • The CRMA exam topics tested include governance aspects and principles of risk management assurance in addition to appropriate assurance and consulting roles for internal audit professionals.


Exam Non-disclosure

The CRMA exam is a non-disclosed examination, which means that current exam questions and answers will not be published or divulged.


NOTE: Exam topics and/or format are subject to change as approved by The IIA’s Professional Certification Board (PCB).


CRMA Exam Domains

The CRMA exam core content covers four domains:

Domain I: Organizational governance related to risk management (25-30%)
Domain II: Principles of risk management processes (25-30%)
Domain III: Assurance role of the Internal Auditor (20-25%)
Domain IV: Consulting role of the Internal Auditor (20-25%)

Examination Administration

Authorisation to Test

  1. Upon approval of application, IIA Malaysia will provide candidate ID number and “Authorisation to Test” notification to candidate, along with the information on how to schedule an examination on the Pearson VUE’s (PV) website.
  2. A candidate’s registration for an examination part will be valid for 180 days from the date the registration is processed at IIA HQ, and the examination part fee is non-refundable.
  3. Candidates can sit at Peason VUE testing centres in almost any country, regardless of country of registration.
  4. Candidates who do not pass the examination must wait 90 days to retest.


  1. Once “Authorisation to Test” notification is received, candidates can begin scheduling their testing appointments with Pearson VUE.
  2. Candidates will need to create a login and password to access the Pearson Vue’s website to schedule an examination.
  3. Visit www.pearsonvue.com and click on “Locate a test centre“.
  4. Then click “Schedule a Test”. Choose the examination that you want to schedule from a list of tests that Pearson VUE conduct. Then choose your test centre.
  5. Once the test centre is determined, the candidate will see a calendar with the available testing days and times based on the availability at the chosen location.
  6. Once a candidate is scheduled for an examination, he/she will receive a confirmation from Pearson VUE via e-mail with directions to the chose examination centre.
  7. Candidates must choose an examination date that is within their 180-day testing period for the examination part.
  8. Candidates can postpone the examination and/or change the examination centre, as long as the change is made at least 45 hours prior to the scheduled examination appointment.
  9. Candidates cannot schedule or re-schedule the examination beyond the 180 days testing period.

Examination Eligibility Period 

Once a candidate’s application to the CFSA programme has been approved, the candidate has an eligibility period of four years. The candidate must complete all examinations and fulfil all certification requirements within the four year period. If a candidate fails to complete the certification process within four years, all fees and examination parts passed will be forfeited. If a candidate’s programme eligibility expires, the candidate loses credit for any examination parts previously passed. In order to re-enter the CFSA programme, the candidate must submit a new CFSA application and pay the appropriate fees.

Examination Experience

  1. Candidate arrives at the testing site 30 minutes in advance of the assigned testing time.
  2. Candidate is checked in by a Pearson VUE (PV) test administrator.
  3. Candidate is assigned a locker and required to leave all unapproved items in the locker.
  4. Candidate is escorted into the testing room, assigned a testing station, and logged onto the computer by the PV test administrator.
  5. An initial screen displays the name of the examination, and candidate is asked to verify that he/she is receiving the correct examination.
  6. Candidate is required to agree that he/she will not disclose examination questions and that he/she may be videotaped or audio-taped in the testing center.
  7. Before beginning the examination, candidate is presented with a tutorial (10 minutes maximum).
  8. Candidate then begins the exam, with each question presented one at a time on the computer screen.
  9. Candidates will be able to indicate/mark questions that they would like to review prior to completing the examination.
  10. After viewing all examination questions, the candidate can access a review screen, from which he/she can choose to review all examination questions, review only unanswered examination questions, or review only marked examination questions.
  11. From the review screen, the candidate may choose “End Examination” button.
  12. Examination also ends if the candidate runs out of time.
  13. Candidate cannot return to the examination once it has ended.
  14. Candidate will then receive a short survey pertaining to the testing experience.


  1. Candidates will receive unofficial results at the examination site when they complete their examination.
  2. An official result will be sent by the Institute upon confirmation of result from Pearson VUE.

Passing Score

Statistical information from pre-tested questions is used to maintain comparable difficulty among versions of the examinations. Because the exact number of questions required to pass the examination may be slightly different from one examination to another, all raw scores are converted onto a reporting scale of 250 to 750 points, in order to ensure a common standard. A scaled score of 600 points or higher is required to pass the CIA, CCSA, CFSA or CGAP examination. (A scaled score of 600 would be equivalent of achieving 75 percent correct on an examination of appropriate difficulty).

Examination Dates

With the implementation of computer-based testing in 2008, all certification examinations are available throughout the year. Candidates schedule their examinations online via Pearson Vue website at www.pearsonvue.com