Certified in Continual/Continuous Audit & Risk Data Analytics


Certification Grandfather Status

The CCARDA credential is currently open for grandfathering until July 1, 2020. Grandfathering requirements specific to this certification can be found at the bottom of this page. For additional grandfathering information, see the How to Grandfather link in the side panel



In today’s world everything revolves around the ability to effectively and efficiently assess risk in two key areas of any Enterprise; Internal Audit and Enterprise Risk Management. It is important to effectively assess risk so threats can be proactively prevented and effectively managed. This is why organizations need skilled professionals who specialize in advanced risk assessment techniques using real data to determine real business outcomes. The CCARDA certification prepares professionals with the skills required for data analysis mapping to achieve business outcomes and prevent risk. The CCARDA professional will be experienced in the tools necessary to utilize data analytics effectively to evaluate risk on a continual, periodic, basis, as well as the proactive designs of the future, continuous tooling, which operate in the real time domain. The is of course the ability to recognize and deal with risk on an instantaneous basis.



Becoming a CCARDA professional will require each individual to demonstrate knowledge and skills in the following areas:

  • Create an interactive risk assessment using data centric logic based approaches across the Enterprise. This risk assessment methodology will help manage all types of physical, logical, and organizational risks.
  • Direct and manage the actions of technical professionals and paraprofessionals in extracting and manipulating data.
  • Design an enterprise-wide risk assessment capability that is manageable and operational.
  • Deliver progressive Enterprise risk assessments to meet the challenges of today’s organizations and be recognized as leaders in the field of risk assessment.




Certification Outcomes

  • Extract and manipulate data using properly designed and repeatable means across a wide array of industries.

  • Determine key data to be used in any aspect of risk evaluation and audit practice situations.

  • Apply analytic techniques to determine the point of risk that needs to be investigated/addressed and the precise audit objective that needs to be satisfied.

  • Determine the exact types of data that must be employed in each situation to produce the desired outcome.

  • Define the data-mining landscape through physical mapping.

  • Utilize effective data mining techniques.

  • Determine key data locations.

  • Identify and verify data integrity at the source.

  • Map logical data pathways and their importance in tracking risk indicators.

  • Demonstrate knowledge of ORCA©-Outcome & Risk Centric Auditing.

  • Identify key outcomes and why they are the center of a logically based risk assessment process that is business centric.

  • Apply key audit disciplines to understand and interpret data.

  • Identify the key outcomes specific to individual organizations.

  • Identify the key outcomes of primary organizational processes.

  • Demonstrate the process of identifying key risk indicators to accurately determine risks using the correct data and the best analytic to apply in determining the risks of the enterprise.


Grandfathering Requirements

The minimum specifications for grandfathering into the CARDA certificate consists of a combination of relevant hands-on experience, professional certifications, and VGI training.  The total of these three specifications must meet or exceed 4 experience units.  

  • Experience in relevant and attested to hands-on professional experience matching the CCARDA core experience where one year equals one unit of experience. Core experience types include: Automated Data Extraction and Analysis, ERM Data Analytics, Identification of Key Business Risks (Data-centric), and Creating Risk/Audit Key Risk Indicators.
  • Active verifiable professional certifications where each certification equals one unit of experience (maximum of 2).  Accepted certifications include CISA, CRMA, CRISC, CIA, CPA, CISSP, CISM, CFE, and QSA.
  • A Masters Degree may also be used as 1 experience unit.
  • Completed VGI course modules can be used as experience units (maximum of 2). Each completed course module equals .5 units of experience.


Core Competency

In addition to the above requirements, a certification specific fundamental course must be taken along with a passing score on the test which is taken directly after the coursework. All testing is done open book. Upon completion of the coursework and test, you will receive 8 CPE’s which is included in the grandfathering fee. The course will be designed to take approximately 400 minutes.


  • Professional Certifications
  • Para Professional Certifications
  • How to Certify
  • How to Grandfather
  • Grandfather Application

Risk University

The Virtual Governance Institute has created a core curriculum of progressive methodologies and academic content in the areas of Risk Assessment, Enterprise Risk Management and Fraud Auditing to deliver cutting edge proprietary approaches to each of these critical governance areas.


The Virtual Governance Institute has created and is now introducing professional certifications that will identify individuals as leaders in the field of Auditing, Enterprise Risk Management and Data Analytics.


Virtual Governance Institute (VGI) Professional Member Information.