Certified in Enterprise Risk Management Data Analytics


Certification Grandfather Status

The CERMDA credential is currently open for grandfathering until July 1, 2020. Grandfathering requirements specific to this certification can be found at the bottom of this page. For additional grandfathering information, see the How to Grandfather link in the side panel



Unfortunately many of today's ERM processes are built using inconsistent and subjective based outdated processes which can result in loss of data, financial missteps, major operational stoppages and loss of customer confidence. In order to effectively execute ERM in today's constantly changing security landscape, audit and risk professionals must employ a top down data-centric approach to all aspects of risk management.



Becoming a CERMDA professional will require each individual to demonstrate knowledge and skills in the following areas:

  • Create a highly effective interactive risk management capability with a logical presence throughout the entire enterprise by recognizing and managing all types of physical, logical, and organizational risks.
  • Direct and manage the actions of technical professionals and paraprofessionals in extracting and manipulating data using means that are properly designed and repeatable for any and all purposes required for the effective assessment of risk, management of risk, and effective reporting to appropriate levels of authority.
  • Design an enterprise-wide risk management capability that is manageable and operational.
  • Deliver progressive platforms of ERM to meet the challenges of today’s organizations and be recognized as leaders in the field of ERM.




Certification Outcomes

  • Extract and manipulate data using properly designed and repeatable means across a wide array of industries.

  • Determine key data to be used in any aspect of risk evaluation and audit practice situations.

  • Apply analytic techniques to determine the point of risk that needs to be investigated / addressed and the precise audit objective that needs to be satisfied.

  • Determine the exact types of data that must be employed in each situation to produce the desired outcome.

  • Define the data-mining landscape through physical mapping.

  • Demonstrates knowledge of effective data mining.

  • Determine key data locations.

  • Identify and verify data integrity at the source.

  • Map logical data pathways and their importance in tracking risk indicators.

  • Demonstrates knowledge of ORCA©-Outcome & Risk Centric Auditing.

  • Recognize key outcomes and why they are the center of a logically based risk assessment process / ERM business oriented approach.

  • Apply key audit disciplines to understand and interpret data.

  • Demonstrates knowledge relating to the concepts, objectives, and deliverables of ERM.

  • Demonstrates thorough understanding of the COSO ERM Integrated Framework.

  • Identify the key outcomes specific to individual organizations.

  • Identify the key outcomes of primary organizational processes.

  • Demonstrates the process of identifying key risk indicators to accurately determine risks using the correct data and the best analytic to determine the risks of the enterprise.


Grandfathering Requirements

The minimum specifications for grandfathering into the CERMDA certificate consists of a combination of relevant hands-on experience, professional certifications, and VGI training.  The total of these three specifications must meet or exceed 4 experience units.  

  • Experience in relevant and attested to hands-on professional experience matching the CERMDA core experience where one year equals one unit of experience. Core experience types include: Automated Data Extraction and Analysis, ERM Data Analytics, Identification of Key Business Risks (Data-centric), and Creating Risk/Audit Key Risk Indicators.
  • Active verifiable professional certifications where each certification equals one unit of experience (maximum of 2). Accepted certifications include CISA, CRMA, CRISC, CIA, CPA, CISSP, CISM, CFE, and QSA.
  • A Masters Degree may also be used as 1 experience unit.
  • Completed VGI course modules can be used as experience units (maximum of 2). Each completed course module equals .5 units of experience.


Core Competency

In addition to the above requirements, a certification specific fundamental course must be taken along with a passing score on the test which is taken directly after the coursework. All testing is done open book. Upon completion of the coursework and test, you will receive 6 CPE’s which is included in the grandfathering fee. The course will be designed to take approximately 300 minutes.


  • Professional Certifications
  • Para Professional Certifications
  • How to Certify
  • How to Grandfather
  • Grandfather Application

Risk University

The Virtual Governance Institute has created a core curriculum of progressive methodologies and academic content in the areas of Risk Assessment, Enterprise Risk Management and Fraud Auditing to deliver cutting edge proprietary approaches to each of these critical governance areas.


The Virtual Governance Institute has created and is now introducing professional certifications that will identify individuals as leaders in the field of Auditing, Enterprise Risk Management and Data Analytics.


Virtual Governance Institute (VGI) Professional Member Information.