Press Release


 ISACA: Successful Risk Management Provides Value for Enterprises 

Rolling Meadows, IL, USA (6 March 2018) — While risk management has gained increasing importance within organizations, the risk management process can sometimes lack the depth and specificity required by enterprises and the risk landscapes in which they operate. With the potential to improve enterprise decision-making, better align organizational resources and ensure value creation, making risk management a proactive function instead of a reactive one can provide great outcomes.

ISACA’s latest white paper, Getting Started with Risk Management, explores the careful balance that enterprises must achieve while addressing unique factors that may exist in an organization. Enterprises must be willing to accept some level of risk in exchange for pursuing business goals and objectives.

“Risk management processes aren’t just important for an enterprise to stay on top of potential threats, but are vital to its growth as well,” said Ed Moyle, Director of Thought Leadership at ISACA. “It’s important for any organization’s C-Suite to understand that risk management isn’t just a function or a department – it is comprised of activities and culture that an enterprise undertakes to create and preserve strategic objectives.”

The complimentary white paper explores how to structure risk activities, beginning with six questions that risk management should answer:

  1. What are we in business to do?
  2. What risks are we exposed to?
  3. What risk is most important?
  4. What are we going to do about the high priority risk and others that require action?
  5. Did our risk actions produce the desired outcomes?
  6. Is the risk management process embedded in the business and operating as intended?

After answering these six questions, organizations should have a better understanding of the type of risk management process that will best serve them. In addition to a step-by-step approach, ISACA’s latest guidance provides illustrative examples based on COBIT® 5, to help show the key differences of risk function and risk management in different scenarios.

Getting Start with Risk Management is available now for members and non-members at



Nearing its 50th year, ISACA ( is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 215 chapters and offices in both the United States and China.




Michelle Micor, +1 .847. 385.7217,
Jay Schwab, +1.847.660.5693,