Integrated management of risk information

Abstract

Today's competitive environment requires effective risk management activities to create prevention and control mechanisms to address the risks attached to specific activities and valuable assets. One of the main challenges in this area is concerned with the analysis and modeling of risks, which increases with the fact that current efforts tend to operate in silos with narrowly focused, functionally driven, and disjointed activities. This leads to a fragmented view of risks, where each activity uses its own language, customs and metrics. The lack of interconnection and holistic view of risks limits an organization-wide perception of risks, where interdependent risks are not anticipated, controlled or managed. In order to address the Risk Management interoperability and standardization issues, this paper proposes an alignment between Risk Management, Governance and Enterprise Architecture activities, providing a systematic support to map and trace identified risks to enterprise artifacts modeled within the Enterprise Architecture, supporting the overall strategy and governance of any organization. We propose an architecture where risks are defined through a XML-based domain specific language, and integrated with a Metadata Registry to handle risk concerns in the overall organization environment.