Six Steps to Using Risk Scenarios for Improved Risk Management
New ISACA guide provides 60 customizable scenarios for organizations
Pune (Oct 01, 2014): To help executives understand IT-related risk, IT risk managers should develop and test risk scenarios. A new guide and tool kit from global IT association ISACA provide 60 risk scenario examples covering 20 categories of risk that organizations can customize for their own use.
Risk Scenarios Using COBIT 5 for Risk provides an understanding of risk assessment and risk management concepts in business terms, based on the principles of the globally recognized COBIT framework. It also outlines six key steps to effectively use risk scenarios to improve risk management:
“The scenarios included in this guide help enterprises develop a tangible and assessable representation of risk to determine the business impact and the enterprise’s preparation levels,” said Steven Babb, chair of ISACA’s Knowledge Board and ISACA international vice president. “Well-developed risk scenarios that are linked to real business risk using these six steps help support risk management activities and make them realistic and relevant to the enterprise.”
Risk Scenarios provides scenario examples across categories such as IT investment decision making, staff operations, infrastructure, software, regulatory compliance, geopolitical, malware, acts of nature and innovation.
“Risk scenario analysis is a valuable technique that helps IT professionals understand and handle vulnerabilities, while helping businesses respond more effectively when implementing strategies that could affect IT-related risk,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA. “The new Risk Scenarios publication provides key guidance based on the globally respected COBIT framework to help enterprises identify, analyze and respond to risk and understand its impact on the business.”
The publication also provides guidance on how to respond to risk that exceeds the organization’s tolerance level and how to use COBIT 5 to accomplish key risk management activities.