In a connected world, multiple tools and tactics can be deployed to lower the risk of cyber-aggression disrupting business. There remains a residual risk that an attack, infiltration or unintended process failure can lead to loss of systems or data, privacy breaches and theft of IP, resulting in damage or even business failure. Implementation of an Enterprise Risk and Assurance Management (ERAM) framework is recommended for all organisations. When used, it provides a wide and deep capability to reduce the likelihood and impact of cyber-aggression or process failure. In many cases the framework identifies an appetite for risk taking, in contrast to traditional risk avoidance. Used well, a structured, phased approach can help to manage risk and protect value:
Implementation of a comprehensive ERAM framework presents several challenges:
Why Enterprise – why not just Risk Management? Enterprise risk and assurance management comprises:
How does it work? Implementing Enterprise Risk and Assurance Management is a five-step programme and, unlike other enterprise-wide initiatives, business units can be at differing stages of achievement of the plan. The Resolution8 model distinguishes phases which are flexible enough to take into account the varying stages of evolution of ERAM across the business. The five standard steps of a continuously improving Enterprise Risk and Assurance Management programme are:
If you would like to know more, or have a current concern which needs support, get in touch: [email protected]
AUTHORS.
Peter Gilbert is the Director of Resolution8 and has a passion for good project delivery.
August 2024