ISACA Risk Starter Kit provides risk management templates and policies

As enterprises have learned even more acutely over the past few years, managing risk is crucial to minimizing disruption and ensuring business continuity in the face of challenges. To aid enterprises in creating their own tailored risk management program, ISACA has released a Risk Starter Kit, which contains a wealth of tools and templates to facilitate risk assessment, risk appetite, risk maturity assessment, risk policy creation and other related tasks.

Created by a group of global risk experts, the Risk Starter Kit includes guidance and templates that provide enterprises with a strong foundation for creating their own customized risk management tasks suited to their needs. These resources include:

  • Risk appetite statement
  • Risk assessment template
  • Risk reporting
  • Risk governance tools, including an IT risk management policy and a risk committee charter
  • Risk maturity assessment
  • IT risk job descriptions
  • Risk scenario template
  • Risk and controls library
  • Risk register

Rather than having to create each tool to perform standard risk management tasks on their own, enterprises can save time by downloading the components and editing and customizing them based on their own needs and key risk management functions.

“Risk professionals know that a strong risk management program requires a coordinated spectrum of activities that are integrated into the business and involve support and buy-in from across all levels of the enterprise,” says Paul Phillips, ISACA Director of Event Content Development and Risk Professional Practice Lead. “It takes time and reflection for enterprises to perform risk management functions and having a trusted foundation from which to design these risk activities adds significant value. These tools will help enterprises meet their unique goals and needs within their industry and region.”

The Risk Starter Kit is free for ISACA members and US$49 for nonmembers. ISACA offers additional risk resources, including the Risk IT Framework and the Certified in Risk and Information Systems Control (CRISC) certification.




Share this