Risk Management 

 

These materials are intended for ISACA Academic Advocates only. You must be logged in to the web site as an ISACA Academic Advocate in order to access them. Please note: ISACA’s Academic Advocate program is currently on hold and at this time we are not accepting any new applications.

Please first review the Academic Guidelines for using this material:

Download Academic Guidelines (292K)

Download Academic Translation Agreement (323)

For copyright permission to customize the material, contact Julia Fullerton, Director of Intellectual Property and Business Product Development at jfullerton@isaca.org.


Risk Management Student Book

  • Chapter 1. The Purpose of This Document states that this publication is meant to be integrated into courses on risk management and is intended for students with little or no business experience. It also provides an overview of COBIT 5 for Risk.
  • Chapter 2. The Governance Objective introduces the core objective of every enterprise, what governance and risk are, and how risk management benefits the enterprise.
  • Chapter 3. Core Concepts of COBIT 5 for Risk looks at the COBIT framework as it applies to risk, including core risk management processes and enablers.
  • Chapter 4. IT Risk Identification discusses some of the challenges associated with identifying risks, methodologies that can help to overcome them and the three IT risk categories.
  • Chapter 5. IT Risk Assessment deals with the evaluation of risk as a function of a threat event, vulnerability and consequences, with the goal of providing a foundation on which to craft a response.
  • Chapter 6. Risk Response and Mitigation looks at the ways in which an enterprise may choose to address a risk, including avoidance, transfer, and acceptance as well as mitigation, and how to know which is most appropriate.
  • Chapter 7. Risk and Control Monitoring and Reporting provides insight into the various ways in which enterprises track and report the effectiveness of their controls, and why doing so is of value at all levels of an organization.
  • Chapter 8. Conclusion offers a brief conclusion and guidance to those who may seek additional resources on the topics covered in this book.

  Download Student Book (Academic Advocates only; 26-page PDF)


IT Risk Identification Caselets

Company profile, background information, notes, and tasks for discussion are included. Students are able to play the role of the Director of Technology Infrastructure for PridePoint Bank, a mid-sized, privately-held bank that was recently created from a merger between two smaller banks. The Answers/Solutions Caselet is intended to be a Teachers’ Edition, providing guidance and solutions.

  Download Caselet (Academic Advocates only; 26-slide PPT file)

  Download Caselet Answers/Solutions (Academic Advocates only; Teaching Notes, 39-slide PPT file)


IT Risk Assessment Caselets

Company profile, background information, issues, and tasks for discussion are included. Students are able to play the role of an Information Systems Risk Analyst for PridePoint Bank, a mid-sized bank that was recently taken public in order to accelerate expansion and cut costs. The Answers/Solutions Caselet is intended to be a Teachers’ Edition, providing guidance and solutions.

  Download Caselet (Academic Advocates only; 21-slide PPT file)

  Download Caselet Answers/Solutions (Academic Advocates only; Teaching Notes, 32-slide PPT file)


Risk Response and Mitigation Caselets

Company profile, background information, issues, and tasks for discussion are included. Students are able to play the role of an Operational Risk Specialist for PridePoint Bank, a mid-sized, publicly traded bank that is focused on controlling risk to retain customers. The Answers/Solutions Caselet is intended to be a Teachers’ Edition, providing guidance and solutions.

  Download Caselet (Academic Advocates only; 31-slide PPT file)

  Download Caselet Answers/Solutions (Academic Advocates only; Teaching Notes, 48-slide PPT file)


Risk and Control Monitoring and Reporting Caselets

Company profile, background information, notes, and tasks for discussion are included. Students are able to play the role of the Director of Information Security at PridePoint Bank, a mid-sized, publicly traded bank that is committed to controlling risk as its growth strategy. The Answers/Solutions Caselet is intended to be a Teachers’ Edition, providing guidance and solutions.

  Download Caselet (Academic Advocates only; 24-slide PPT file)

  Download Caselet Answers/Solutions (Academic Advocates only; Teaching Notes, 30-slide PPT file)