What Is the Scope of Risk Management for an Organization?

The scope of risk management indicates an area of concern, which can also be thought of as an area of control. Some things can be controlled, and others cannot. For example, hurricanes and earthquakes cannot be controlled, but their impact can be reduced by planning how an organization will respond.


The scope identifies the boundaries of a project. The biggest problem of not identifying the scope is scope creep. Scope creep happens when a project’s goals or deliverables grow without control. For example, personnel could spend time and resources on low-value assets at the expense of high-value assets. If the project scope isn’t controlled, the project can consume more resources, ...

Get Managing Risk in Information Systems, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.