Integration of Risk Management with Business Processes
This website summarises the results of the ENISA deliverables from the Work Programme 2007 with the following titles:
- “Integration of RM/RA with Operation Processes” and
- “Integration of RM/RA into Business Governance”
These deliverables, defined in the Work Programme as “Demonstrators of RM/RA in Business Processes”, were conducted by ENISA in cooperation with BOC Germany as external contractor. They were initiated in support of ENISA's main task: ensuring a high and effective level of network and information security within the European Union. Within this and other ENISA efforts, particular attention has been paid to the integration of IT Risk Management with other relevant disciplines.
The aim of these projects is to identify interfaces between the processes described in the ENISA Risk Management/Risk Assessment Framework and selected operational IT processes and Governance Frameworks. With comprehensive documentation of such interfaces available, an organisation will be able to plan the implementation of an integrated IT Risk Management, improve the overall effectiveness of its business processes, and enhance the quality of its IT Risk Management.
The results generated are available in the form of ADOit® process models as well as in the form of this site. The developed process models consist of the ENISA RM/RA Framework, selected operational IT processes, selected Governance Frameworks and their interface descriptions (i.e. the integration method).
The present results are targeted mainly at staff members who play a significant role in the areas of IT security, Risk Management and IT Governance in general, as well as at persons accountable for certain operational processes, including the handling of operational and IT risks.
The benefits an organisation may expect from the delivered results can be summarised as follows:
- a better guidance along the IT Risk Management integration process,
- a better quality of IT Risk Management, especially with respect to the handling of risks from IT operations and Regulations compliance,
- a better protection against disastrous incidents emanating from operations, which may cause severe damage to the organisation,
- improved alignment with respect to compliance with IT governance frameworks such as ITIL and with project risks, as well as with Governance Frameworks such as SOX, Euro-SOX and Basel II, and
- an overall competitive advantage over business rivals.