ISACA publishes guidance for organizations that are new to risk management
- Published: Friday, 09 March 2018 09:41
ISACA has released its latest white paper, ‘Getting Started with Risk Management,’ to provide advice to organizations that have immature risk management systems. The document ‘explores the careful balance that enterprises must achieve while addressing unique factors that may exist in an organization.’
ISACA says that, while risk management has gained increasing importance within organizations, the risk management process can sometimes lack the depth and specificity required by enterprises and the risk landscapes in which they operate. With the potential to improve enterprise decision-making, better align organizational resources and ensure value creation, making risk management a proactive function instead of a reactive one can provide great outcomes.
“Risk management processes aren’t just important for an enterprise to stay on top of potential threats, but are vital to its growth as well,” said Ed Moyle, Director of Thought Leadership at ISACA. “It’s important for any organization’s C-Suite to understand that risk management isn’t just a function or a department – it is comprised of activities and culture that an enterprise undertakes to create and preserve strategic objectives.”
The white paper explores how to structure risk activities, beginning with six questions that risk management should answer:
- What are we in business to do?
- What risks are we exposed to?
- What risk is most important?
- What are we going to do about the high priority risk and others that require action?
- Did our risk actions produce the desired outcomes?
- Is the risk management process embedded in the business and operating as intended?
After answering these six questions, organizations should have a better understanding of the type of risk management process that will best serve them. In addition to a step-by-step approach, ISACA’s latest guidance provides illustrative examples based on COBIT 5, to help show the key differences of risk function and risk management in different scenarios.
‘Getting Started with Risk Management’ is available for members and non-members at www.isaca.org/getting-started-with-risk