Manage Risks through the Enterprise Architecture

Abstract

The goal of Risk Management activities is to define prevention and control mechanisms to address the risks attached to specify activities and valuable assets. Many Risk Management efforts operate in silos with narrowly focused, functionally driven, and disjointed activities. That fact leads to a fragmented view of risks, where each activity uses its own language, customs and metrics. The lack of interconnection and holistic view of risks limits an organization-wide perception of risks, where interdependent risks are not anticipated, controlled or managed. In order to address the Risk Management interoperability and standardization issues, this paper proposes an alignment between Risk Management, Governance and Enterprise Architecture activities, providing a systematic support to map and trace identified risks to enterprise artifacts modeled within the Enterprise Architecture, supporting the overall strategy of any organization. We discuss the main relationships between Risk Management and Enterprise Architecture and propose an architecture to integrate risks concerns into the overall organization environment.