Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors by Christopher Wright

CHAPTER 2: ENTERPRISE RISK MANAGEMENT (ERM) FRAMEWORKS

Overview

In the last chapter we saw how to identify, assess and report risks at the strategic level. This sets the overall risk context and framework for an organisation. However, if we then try to identify all of the risks at a day-to-day or operational/tactical level, without reference to this context, there is a danger that:

•   the strategic risks may be forgotten or missed, leading to gaps in risk coverage.

•   we will be reviewing and mitigating risks that are not significant to the organisation as a whole.

We therefore need a mechanism to connect and synchronise the strategic and operational/tactical risks and controls. This mechanism is often referred to as ERM, or Enterprise Risk ...
