Almost anything of value may be stolen, given someone’s desire and opportunity. All organizations face a certain amount of risk, some departments or functions are much more prone to theft or fraud than others. It is essential to determine how much risk is acceptable and how to manage cost-effectively the risk while meeting the organization’s strategic and operational objectives. In March 2009, the ASIS Global Standards Initiative published the American National Standard ANSI/ASIS.SPC.1: Organizational Resilience: Security, Preparedness and Continuity Management Systems—Requirements with Guidance for Use. Over the years, this standard was implemented and submitted to ISO, for consideration as an international standard.