RIMS-CRMP Exam Information


Computer-Based Exams

The RIMS-CRMP exam is open to anyone who meets the eligibility requirements. The computer-based exam is proctored by Pearson VUE and consists of 120 questions with a two-hour duration.

All RIMS-CRMP candidates must have prior authorization from the RIMS-CRMP Certification Department to take the examination. The candidate must present two forms of ID to the examination proctor and meet all other test security requirements at the examination location (a list of acceptable forms of identification can be found in the RIMS-CRMP Certification Handbook). Additional details on taking the examination are provided to candidates in the email they receive from the RIMS-CRMP Certification Department once their application is approved.

Pearson VUE testing centers are located throughout the United States, Canada and around the globe.

​Preparing for the Exam

Candidates should decide what they want to read and study based on their knowledge of the risk management discipline. The domains and related reading material listed below can be used to guide your preparation for the examination.​

Additionally, candidates may use the RIMS-CRMP Study Guide to prepare.​


% Domains Related (Not Required) Reading


Analyzing the Business Model

  • 3% Obtain internal organizational information
  • 1% Obtain external organizational information
  • 2% Consolidate organizational information
  • 3% Analyze operations of the organization / due diligence
  • 1% Conduct benchmarking
  • 3% Describe value chain
  • 2% Identify organizational uncertainties
Bookstaber, Richard M., and Bluford H. Putnam. Risk Management: Principles and Practices: Proceedings of the AIMR Seminar “Risk Management”, March 8-9, 1999, Boston, Massachusetts. Charlottesville, VA: Association for Investment Management and Research, 1999. Print.

Funston, Frederick, and Stephen Wagner. Surviving and Thriving in Uncertainty: Creating the Risk Intelligent Enterprise. Hoboken, NJ: Wiley, 2010. Print.

Gamble, John, and Arthur A. Thompson. Essentials of Strategic Management: The Quest for Competitive Advantage. New York, NY: McGraw-Hill/Irwin, 2013. Print.

Kaufman, Josh. The Personal MBA: Master the Art of Business. New York, NY: Portfolio/Penguin, 2012. Print.

Sobel, Paul, and Kurt F. Reding. Enterprise Risk Management: Achieving and Sustaining Success. IIA Research Foundation, 2012. Print.


Designing Organizational Risk Strategies

  • 3% Develop risk strategy approach
  • 2% Define organizational risk competency capabilities
  • 2% Define success measures
  • 2% Design risk governance
  • 2% Design implementation plan
  • 3% Develop risk communication strategy
  • 3% Obtain organizational support for risk strategy
Lam, James. Enterprise Risk Management: From Incentives to Controls. Hoboken, N.J: Wiley, 2014. Print.

Elliott, Michael, ed. Enterprise Risk Management. 1st ed. The Institutes, 2014. Print.

“RIMS Strategic Risk Management Implementation Guide.” RIMS, 27 Nov. 2012.

Risk Assessment Standard. 2015 ed. Vol. RA.1. Alexandria: ASIS/RIMS, 2015. Print.

ISO 31000:2009 Risk management — Principles and guidelines.

Enterprise Risk Management – Integrating with Strategy and Performance. COSO, 2017. 


Implementing the Risk Process

  • 6% Identify risks
  • 6% Analyze identified risk
  • 6% Evaluate risk
  • 6% Consult and create risk solutions
  • 5% Monitor risk
  • 6% Advise on risk management (e.g., strategic, enterprise, operational, business area, business initiatives)
Chapman, Robert J. Simple Tools and Techniques for Enterprise Risk Management. Chichester, England: Wiley, 2011. Print.

Elliott, Michael W. Risk Management Principles and Practices. Malvern, PA: The Institutes, 2018. Print.

Vance, Beaumont, and Joanna Makomaski. Enterprise Risk Management for Dummies. Hoboken, NJ: Wiley, 2007. Print.

“Orange Book. Management of Risk – Principles and Concepts” - Publications. HM Treasury on Behalf of the Controller of HMSO, 5 Oct. 2004. Web. 


Developing Organizational Risk Competency

  • 3% Deliver risk training
  • 3% Engage organization’s risk network
  • 3% Coach organization on the risk process and techniques
  • 3% Continuously improve risk management process
  • 4% Integrate risk management into day-to-day operations
Bellman, Geoffrey M. Getting Things Done When You Are Not in Charge. San Francisco: Berrett-Koehler, 2001. Print.

Kotter, John P. Leading Change. Boston, MA: Harvard Business School, 1996. Print. (Hardcover and Kindle, 2012)

Wan, Margaret. Incidental Trainer a Reference Guide for Training Design, Development, and Delivery. Boca Raton: CRC, Taylor & Francis, 2014. Print.


Supporting Decision Making

  • 8% Influence risk-based decision making
  • 9% Facilitate risk discussion
F​rigo, Mark, and Anderson, Richard. Strategic Risk Management: A Primer for Directors and Management Teams. 1st ed. 2010. Print.

Salter, Josh. Exploring the Risk Committee Advantage. Rep. Ed. Morgan O’Rourke. RIMS, 2015. Web. (log in to access PDF)

Young, Greg; Hasler, David S. Strategic Finance. Managing Reputational Risk. 92.5 (Nov 2010): 37-46

Exam Blueprint

Duty and TaskFinal % Breakdown on Exam​
A. Analyzing the Business Model​15%
​A1. Obtain internal organization information​3%
​A2.​ Obtain external information about organization​1%
​A3. Consolidate organizational information​2%
​A4. Analyze operations of the organization/due diligence​3%
​A5. Conduct benchmarking​1%
A6.​ Describe and/or understand organization's value chain​3%
​A7. Identify organizational uncertainties​2%
B. Designing Organizational Risk Strategies​17%
​B1.​ Develop risk strategy approach3%
​B2. Define organizational risk competency capabilities​2%
B3​. Define success measures​2%
​B4. Design risk governance​2%
​B5. Design implementation plan​2%
B6​. Develop risk communication strategy​3%
​B7. Obtain organizational support for risk strategy​3%
C. Implementing the Risk Process35%
​C1.​ Identify risks​6%
​C2. Analyze identified risk6​%
​C3. Evaluate risk​6%
​C4. Consult and create risk solutions​6%
​C5. Monitor risk​5%
​C6. Advise on risk management (e.g., strategic, enterprise, operational, business area, business initiatives)​6%
D. Developing Organizational Risk Competency16%
D1.​ Deliver risk training​3%
​D2. Engage organization’s risk network (e.g., safety, security, business continuity, internal audit)​3%
​D3. Coach organization on the risk process and techniques​3%
​D4. Continuously improve risk management process​3%
​D5. Integrate risk management into day-to-day operations​4%
E. Supporting Decision-Making​17%
​E1. Influence risk-based decision-making8​%
​E2. Facilitate risk discussions​9​%

Authorized Testing Timeframe & Locations

You can select an exam date within your authorized six-month timeframe. The RIMS-CRMP certification exam is offered throughout the year.


Find the Nearest Test Center




Contact RIMS-CRMP@RIMS.org