In 2018, Mercy Omollo-Mbai, CISA, CRISC, ISACA Kenya (Africa) Chapter communications committee secretary (2019-20) and IT internal audit manager at Liberty Group East Africa, realized it would benefit her audit career to understand risk management, so she pursued the Certified in Risk and Information System Controls (CRISC) certification. Omollo-Mbai says that after becoming certified, “the CRISC certification helped me earn respect from my supervisors, colleagues and management. They feel confident in what I articulate about risk and controls and how best to improve organizational strategy around them. My peers outside of my organization seek me out to listen to my views on handling certain issues related to risk. As an auditor, I have been able to identify gaps in various risk assessments performed by management or the risk and compliance teams.”
Since becoming a CRISC, Omollo-Mbai has also found better career prospects and greater respect as a risk and assurance professional. Because she holds both Certified Information Systems Auditor (CISA) and CRISC certifications, recruiters and managers look at her as someone who understands both the risk and audit sides of the IT spectrum.
Even though the CRISC certification has given Omollo-Mbai the tools to quantify risk and align it with an organization’s risk appetite, she says the biggest challenge is convincing management to invest in implementing stronger and more stringent risk controls. That being said, she trusts her ability to use her technical knowledge around the risk management life cycle to provide management with all the information it needs to address current gaps and pain points.
Omollo-Mbai says one of the best parts of her job is that she gets to interact with a variety of people in different positions and in different countries. She enjoys seeing how they all view risk and controls differently and likes helping others find the controls that would benefit their organizations most. When Omollo-Mbai looks to advance herself further, both professionally and personally, she tries to apply her CRISC knowledge too. She says, “I realize that my personal and professional goals also tend to align and become intertwined, so my plans must harmonize or else my personal or professional life will likely suffer. The CRISC certification has helped me to look at pros and cons even when making personal decisions, so I have become more risk-aware as I make professional and personal decisions.”
Omollo-Mbai recommends that, “If you want to learn all matters risk—how to identify, assess, manage, report and monitor risk—then CRISC is the certification for you. What you learn while preparing for CRISC is not only applicable to IS and IT, but also for general business.” Getting her CRISC certification has helped her become more active in ISACA. She volunteers for opportunities she finds through Engage and on the ISACA Kenya Chapter committees. Since becoming a more active member, she has broadened her personal and professional networks and helps mentor technology interns as part of the SheLeadsTech outreach programs across South and East Africa.
To learn more about ISACA certifications, visit the Certification page of the ISACA website.