1 - Risk Starter Kit Introduction and Getting Started
CONTENTS
Introduction
Toolkit Components
Getting Started with the Toolkit
Acknowledgments
Introduction
Risk management is a business capability or, simply, a set of coordinated activities to direct and control an enterprise with regard to risk. The Risk Starter Kit consists of multiple tools to facilitate these activities. The risk management capability underpins all business processes to ensure the enterprise continuously creates and delivers value.
Risk management activities require purposeful interactions among people, processes, technologies and systems with oversight at the highest levels of the enterprise. Risk management works best when risk-related activities are integrated with the regular workflow of management and staff rather than treated as add-ons.
assist in quickly evaluating which risk is in alignment with management objectives for risk-taking, and which risk needs further analysis or investigation.
Toolkit Components
The following tools are included:
• Risk Appetite Statement—Provides guidance on what components to consider when creating a risk tolerance statement. Includes a statement template.
• Risk Assessment Template—Provides guidance on the key components to consider, using a variety of techniques and
understand and explain risk to business process owners and other stakeholders. Includes a template that facilitates creation of a fully thought-out risk scenario and explains how it would integrate with and impact other parts of the enterprise.
identified controls to risk in order to monitor mitigation effectiveness and identify needed modifications.
• Risk Register—Provides a template to identify the components necessary to supply adequate information for each risk.
risk.
peers.
Acknowledgments
ISACA would like to acknowledge:
Sunil Bakshi
CISA, CRISC, CISM, CGEIT, CDPSE, AMIIB, CEH, CISSP, ISO 27001 LA, MCA, PMP
Freelance Consultant, India
Director, CERT Division of Carnegie Mellon University’s Software Engineering Institute, USA
Ilker Tutu
CISA, CRISC, CISM, CGEIT, CISSP, CIA, PCI ISA
Paypal Europe, Luxembourg
Brennan P. Baybeck
CISA, CISM, CRISC, CISSP
ISACA Board Chair, 2019-2020
Vice President and Chief Information Security Officer for Customer Services, Oracle Corporation, USA
Pamela Nigro, Vice-Chair
CISA, CGEIT, CRISC, CDPSE, CRMA
Vice President, Security, Medecision, USA
Gabriela Hernandez-Cardoso
Independent Board Member, Mexico
Maureen O’Connell
Board Chair, Acacia Research (NASDAQ),
Former Chief Financial Officer and Chief
Administration Officer, Scholastic, Inc.,
USA
Veronica Rose
CISA, CDPSE
Founder, Encrypt Africa, Kenya
David Samuelson
Chief Executive Officer, ISACA, USA
Gerrard Schmid
President and Chief Executive Officer,
Diebold Nixdorf, USA
Asaf Weisberg
CISA, CISM, CGEIT, CRISC
Chief Executive Officer, introSight Ltd.,
Israel
Tracey Dedrick
ISACA Board Chair, 2020-2021
About ISACA
For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams that effectively drive IT audit, risk management and security priorities forward. ISACA is a global professional association and learning organization that leverages the expertise of more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.
1700 E. Golf Road, Suite 400
Schaumburg, IL 60173, USA
Phone: +1.847.660.5505
Fax: +1.847.253.1755
Support: support.isaca.org
Website: www.isaca.org
Provide Feedback: www.isaca.gov/risk-starter-kit
Participate in the ISACA Online Forums: https://engage.isaca.org/onlineforums
DISCLAIMER
ISACA has designed and created the Risk Starter Kit - Introduction and Getting Started (the “Work”) primarily as an educational resource for professionals. ISACA makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper