ISACA GOVERNANCE JUDGMENT ACCELERATOR · CRISC + CISM + CISA
Our programs don’t just teach ISACA frameworks like COBIT, ITIL, and CRISC because knowing the framework isn’t enough. We use the Governance Judgment Framework (GJF) to build the judgment enterprise GRC professionals actually need — under pressure, with real evidence, across real decisions.
THE GJF DIFFERENCE
Most ISACA programs teach you to pass the exam. This one trains you to make real governance decisions under enterprise conditions.
§ 01 · THE GJF FRAMEWORK
GJF is a meta-framework for practicing enterprise-wide governance judgment. Rather than teaching frameworks as abstract bodies of knowledge, GJF develops the practitioner’s ability to reason through real governance decisions — using ISACA frameworks as lenses, not checklists.
Explore the Framework →You can read the Review Manual cover to cover and still miss the one thing the exam actually tests — how to reason the ISACA way, under pressure, with incomplete evidence.
Risk Lens
How risk-based decisions cascade through governance structures
Assessment Lens
Evidence sufficiency and how auditors actually evaluate controls
Decision Lens
How governance decisions get made under organizational pressure
TODAY’S PATH
6–12 mo
to self-prep across three credentials
THE MATERIAL
Abstract
dense frameworks, no reps with real evidence
AFTER PASSING
Not ready
for a real engagement on day one
§ 02 · THE THREE CERTIFICATIONS
Roughly 60% of their body of knowledge overlaps — governance, IT controls, risk, evidence. Learning them together means you see the same scenario through three lenses while the reasoning is still fresh.
Certified in Risk & Information Systems Control. The authoritative risk credential for professionals who translate IT risk into capital-allocation language. Build a risk register that informs decisions, not one that collects dust.
Certified Information Security Manager. 88,000+ holders. The preferred credential on the CISO track. Translate technical risk to the board, build a program that delivers ROI, lead incident response under scrutiny.
Certified Information Systems Auditor. The most recognized IS audit credential in the world — 151,000+ holders across 188 countries. Scope risk-based audits, evaluate IT general controls, defend evidence sufficiency.
Together, they form the Enterprise Trust Stack
Risk you can measure. Programs you can defend. Audits you can lead.
Want CDPSE? Add it as an auxiliary module for $2,495. Corporate & team rates on request.
§ 03 · THE DIFFERENTIATOR
Real scenarios. Socratic probing. Four-dimensional scoring. Every cohort gets access to the Cubelet AI governance simulator — the same judgment engine Divergence built for ISACA and CMMC practitioner prep.
FNC-003 · CISA Assessor Lens
turn 3 of 12
SCENARIO
FinSecure operates a core banking platform on legacy IBM midrange. IT Operations has been applying emergency patches directly to production without change tickets — the manager says they have verbal CIO approval, documented after the fact. You pull the 90-day change log and find 34 undocumented changes, three of which coincide with customer transaction anomalies in the incident log.
ASSESSOR PROBE · Q1
"From a CISA perspective — what is the primary risk this scenario presents? Is it an IT risk, a business risk, or both? Walk me through your reasoning."
COMPLICATING FACTOR · turn 6
The IT Director just informed you the ITSM platform was migrated 45 days ago. Logs prior exist only on legacy tape backups, which may not be recoverable in your audit window. How does this affect your scope statement and sampling-sufficiency conclusion?
MIRROR MOMENT · end of session
"You went straight to action when the methodology called for evidence classification first. A licensed auditor is expected to see not just what the risk is — but who owns it."
WHAT THE SIMULATOR BRINGS
100+ scenarios
Drawn from real audits, incidents, and governance dilemmas — not canned multiple-choice.
Lens pivoting
Same scenario, different lens (CISA vs. CRISC vs. CISM) — so you see where the reasoning diverges.
Cross-framework map
Connects ISACA reasoning to NIST 800-53, CMMC, ISO 27001, SOC 2 — the way you'll use it on the job.
Agent coach
On-demand feedback on strengths, gap vocabulary, directional errors, and a personalized study plan.
Built by our sibling platform Cubelet AI / GRID42. Exclusive to Euler Center / Divergence Academy cohorts.
§ 04 · THE FORMAT
9 AM – 5 PM, virtual live. Each lens is taught in full immersion — domain deep-dives, workpaper exercises, group debriefs, and scenario runs that rotate the same case through three perspectives.
The Fly-In Format
Immersive cohort experience — 15 seats, live, full-day
The “Fly-In” is our name for the cohort commitment model: you block two weeks, go deep, and emerge with three lenses fully loaded. No halfway attendance, no catch-up videos. The intensity is the point — governance judgment develops through reps under pressure, not passive study.
01 → PRE-WORK
Official Review Manuals, QAE database, Self-Study Online, plus a GJF simulator diagnostic that maps your reasoning gaps across all three lenses. Your instructor reviews before Day 1.
02 → DAYS 1–4 · CRISC
Risk identification, quantification in CFO-grade language, control design, KRI selection, and third-party exposure scenarios. Learn to translate IT risk into capital-allocation decisions.
03 → DAYS 5–7 · CISM
Governance architecture, risk treatment against business appetite, program ROI, and incident response. Group debriefs where your cohort plays CIO, CISO, and board simultaneously.
04 → DAYS 8–10 · CISA
Domain deep-dives, workpaper exercises, and simulator scenarios that teach you to scope, sample, and defend evidence sufficiency — the way real auditors think, not how test-takers think.
05 → EXAM WINDOW
Three ISACA exam vouchers, one-year ISACA membership, 90 days of Cubelet simulator access. Office hours with your instructor through your first sitting.
06 → AFTER
Divergence alumni span Big Four, internal audit, defense contractors, banks, SaaS, and federal oversight. You plug in to a working group that keeps sharing artifacts long after you pass.
§ 05 · WHO THIS PROGRAM IS FOR
You govern risk frameworks and compliance programs but can't always articulate why a control is sufficient. You need the judgment vocabulary that CRISC, CISM, and CISA develop together — not separately.
You conduct audits but want ISACA credentials to formalize the skills you already practice. You'll learn to see the same evidence artifact through three lenses simultaneously — audit, risk, and program.
You manage risk registers and report to the board, but want credentials that validate your framework fluency. CRISC is your primary target — CISM and CISA unlock the cross-functional conversation.
Your team needs to speak the language of IT risk and governance controls. Whether you’re building a department or leading one, all three credentials map directly to your operational responsibilities.
You hold technical credentials (CISSP, CISM, Security+) and want to move into governance. CRISC + CISM + CISA bridges the gap from practitioner to program leader and board communicator.
You come from audit, accounting, legal, or operations and are entering GRC for the first time. The Fly-In format was designed for practitioners who need to ramp fast with peer support.
§ 06 · OUTCOMES THAT MATTER
OPTION 1
ESTIMATED ~600 HOURS SELF-STUDY
OPTION 2
80 LIVE HOURS · ~42 CPE · 90 DAYS POST-ACCESS
§ 06 · TUITION
$6K–$12K equivalent training value. Priced as an investment in the next 12–18 months of your career — not three separate courses over a year.
TRI-CERT · 2026 COHORT
Save $1,490 vs. individual enrollment
TUITION INCLUDES
Three ISACA exam vouchers
One attempt each for CISA, CISM, CRISC
Three ISACA Review Manuals
Official, latest job-practice editions
Three QAE databases
Questions, Answers & Explanations — 12-month access
ISACA Self-Study Online Review
All three credentials
One-year ISACA membership
Unlocks CPEs and retake discounts
Up to 42 ISACA CPE hours
~14 per credential, logged under our ATP designation
90 days simulator access
Cubelet AI governance engine, post-cohort
Office hours with the instructor
Through your first exam sittings
§ 07 · EMPLOYER SPONSORSHIP
We issue invoices, W-9s, and itemized CPE receipts. Teams of three or more receive a discount. Dedicated cohorts available for 10+. VA/VR&E benefits and Microsoft Partner co-sell funding may apply — we help you navigate both.
SECTION 1 · MAKE THE CASE
SECTION 2 · GET IT DONE
§ 08 · FAQ
Is this a CPE grab or actual exam prep?
+Both — and we're honest about it. Some of your cohort will be there to refresh reasoning and bank CPE hours. Others sit the exams within 60 days of graduation. The simulator and scenario debriefs are what make this a bootcamp instead of a video dump — and the exam candidates usually drive the most engagement, which makes the room better for everyone.
Why all three together? Why not one at a time?
+Because the three credentials share roughly 60% of their body of knowledge — governance, IT controls, risk frameworks, audit evidence — and the real exam questions test your ability to hold multiple lenses at once. Two immersive weeks means you see the same scenario from three angles while the reasoning is still fresh. CDPSE is different (technical privacy engineering) which is why we offer it as an optional add-on.
What if I only want CISA?
+We offer each cert as a standalone course — see CISA Prep, CISM Prep, and CRISC Prep in our programs list. The tri-cert bundle exists for professionals who know they want all three over the next 12–18 months and would rather compress the learning into two weeks than stretch it across a year.
What are the experience requirements?
+You can sit for all three exams with zero prerequisites. To earn the credentials, ISACA requires documented experience: 5 years for CISA (waivers up to 3), 5 years for CISM with 3 in management (waivers up to 2), and 3 years for CRISC (no waivers). Most candidates pass first and complete experience documentation in the 5-year window that follows. Our instructors advise on waivers and career moves that accelerate eligibility.
How is the simulator actually used day-to-day?
+Every session has a simulator block. You run a scenario, your instructor watches the scoring trace, and the cohort debriefs — comparing reasoning chains, identifying where the CISA lens diverged from the CRISC lens, and rewinding with a complicating factor injected. You also get 90 days of post-cohort access to practice independently.
What if I don't pass on the first try?
+You keep your ISACA membership, you keep 90 days of simulator access, and your instructor holds targeted office hours for retake prep. Retake fees are paid directly to ISACA at the member rate your included membership unlocks. We don't sell "pass guarantees" — the industry has proven those to be gimmicks. We sell the discipline and the engine that make passing the predictable outcome.
Who is teaching this?
+The lead instructor is a practicing systems auditor quad-credentialed across CISA, CISM, CRISC, and CDPSE — one of the few instructors in North America holding all four ISACA GRC certifications. Divergence Academy is an ISACA Accredited Training Organization (ATO).
§ 09 · TRANSFORM YOUR JUDGMENT
Fifteen seats per cohort. Next cohort begins April 27, 2026. Application review is rolling — earlier applicants get their choice of cohort month.
Credentials
CRISC + CISM + CISA. Three ISACA credentials, three exam vouchers, one ISACA membership.
Judgment
GJF-trained reasoning. The ability to make governance decisions under real enterprise conditions.
Network
15-person cohort + Divergence alumni across Big Four, federal oversight, banking, and enterprise GRC.
DIVERGENCE ACADEMY · ISACA ACCREDITED TRAINING ORGANIZATION · POWERED BY CUBELET AI · GJF FRAMEWORK