Risk Management Steps, Best Practices for Agile Projects Outlined in New ISACA Resource

SCHAUMBURG, Ill.--()--The COVID-19 pandemic drove digital acceleration, and as a result, organizations are ramping up their use of Agile methodologies to deliver projects more quickly. With Agile comes different risk, however, and ISACA provides a primer on how organizations can manage this in new free white paper, Incorporating Risk Management in Agile Projects.

The resource defines essential elements of risk and the risk management process, as well as Agile methodology, and the sprint cycle in a Scrum framework. It also explores the difference between risk management for the more traditional project management approach, Waterfall, and Agile—for examples, the big upfront risk planning (BURP) and risk mitigation before a project begins that comes with Waterfall, vs. the focuses on adaptive risk management approach with Agile.

Additionally, Incorporating Risk Management in Agile Projects walks through steps entailed in process implementation—including an example in practice using the Scrum framework—outlining the risk management steps involved in these key categories:

  1. Setting context
  2. Identifying risk
  3. Analyzing risk
  4. Determining risk response
  5. Implementing risk response
  6. Monitoring risk

Beyond executing these implementation steps, the paper examines what it takes to be successful in Agile risk management, including these key factors:

  • Integration with Agile methodology
  • Tailoring risk effort for organizational and project context
  • Recognizing risk management as a discipline that provides a positive return on investment

“Enterprises that embrace Agile methodologies to keep pace with their digital acceleration don’t have to sacrifice strong risk management practices in the process,” says Kerris Lee, ISACA enterprise risk management director. “By tailoring their risk management process for an Agile context, these organizations can assess and manage their risk while continuing to advance their services and projects.”

To download a complimentary copy of Incorporating Risk Management in Agile Projects white paper, visit www.isaca.org/resources/white-papers/incorporating-risk-management-into-agile-projects. Additional risk resources from ISACA can be found at www.isaca.org/resources/it-risk.


ISACA® (www.isaca.org) is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its more than 165,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through its foundation One In Tech, ISACA supports IT education and career pathways for underresourced and underrepresented populations.

Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews


Bridget Drufke, bdrufke@isaca.org, +1.847.660.5554
Emily Ayala, communications@isaca.org, +1.847.385.7223



Bridget Drufke, bdrufke@isaca.org, +1.847.660.5554
Emily Ayala, communications@isaca.org, +1.847.385.7223