CHAPTER 2: ENTERPRISE RISK MANAGEMENT (ERM) FRAMEWORKS
Overview
In the last chapter we saw how to identify, assess and report risks at the strategic level. This sets the overall risk context and framework for an organisation. However, if we then try to identify all of the risks at a day to day or operational/tactical level, without reference to this context, there is a danger that:
• the strategic risks may be forgotten or missed, leading to gaps in risk coverage.
• we will be reviewing and mitigating risks that are not significant to the organisation as a whole.
We therefore need a mechanism to connect and synchronise the strategic and operational/tactical risks and controls. This mechanism is often referred to as ERM, or Enterprise Risk ...
Get Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.