SCHAUMBURG, Ill. — July 5, 2022 — One of the challenges for IT risk management is to identify important and relevant risk, and one of the best ways to do that is through a well-developed risk scenario providing a realistic and practical view of risk that may prevent an enterprise from achieving its business objectives, historical events, and emerging threats. ISACA has developed a Risk Scenarios Starter Pack and concise online course that will help break down each aspect of a risk scenario.

The Risk Scenarios Starter Pack includes 10 sample risk scenarios that practitioners can use and tailor to their specific enterprises. Risk scenarios help improve communication about risk management by constructing a narrative that inspires individuals to act. Using risk scenarios helps the risk team to understand and explain risk to the business process owners and other stakeholders.

The 10 scenarios included in the Risk Scenarios Starter Pack are:

    1. IT Services Change Management
    2. Inability to Recruit or Retain IT Staff
    3. Inadequate Patch/Vulnerability Management
    4. Security Configuration Intentionally Modified
    5. Vendor Support Ends
    6. Phishing Attack
    7. Third-Party Suppliers
    8. Failure to Implement Regulatory Changes
    9. Failure to Appreciate Value of Emerging Technologies
    10. Unauthorized Access of Information

With the online companion course, How to Build a Risk Scenario, practitioners are able to define an IT risk scenario, describe the benefits of using one, summarize the structure of an IT risk scenario, explain the key points for developing an IT risk scenario, and describe the importance of the risk scenario technique. Attendees will receive 1 continuing professional education (CPE) credit.

“Using risk scenarios to overcome the challenge of identifying important and relevant risk brings realism, insight, organizational engagement, improved analysis and structure to the complex matter of IT risk,” says Paul Phillips, ISACA Director of Event Content Development and Risk Professional Practice Lead. “Organizations will benefit from tailoring ISACA’s new risk scenario materials to their specific contexts.”

The How to Build a Risk Scenario course is US$49 for ISACA members US$79 for nonmembers and is available at The Risk Scenarios Starter Pack is free for ISACA members and is available at

ISACA offers additional risk resources, including the Risk Starter Kit, at


ISACA® ( is a global community advancing individuals and organizations in their pursuit of digital trust. For over 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a professional association and learning organization leveraging the expertise of its more than 165,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation.