Business architecture viewRisk must be carefully monitored (through data collection), evaluated and acted upon. This means (see also the illustration below):
- Enterprise business functions should be enriched to generate the risk-related data.
- Those risk-related data need to be collected at the enterprise data warehouse together with other business data.
- Some business processes need to be updated to embed risk-related activities.
- A set of risk-related rules, logic and risk-related knowledge should be able to use the risk-related and other business data to detect acceptable limits of risk as well as interdependencies and correlations between different risks.
- Some business processes for risk mitigation maybe automatically activated.
- A lot of risk-related indicators, alerts should be available in the form of dashboards and reports available for different staff members.
- Staff members should be able to initiate business processes based on the observed risk-related information.
Business-generic capabilities involvedThe following business-generic capabilities are involved in the ERM platform:
- Management by processes
- Efficient data gathering channels
- Single version of truth for data
- Ingesting (into the data warehouse) of external information
- Efficient dissemination channels
- Effortless collaboration within groups / communities of practices
- Formalized business logic
Supremacy of management by processesManaging any work by processes is the key business capability with allows to address the risk-related issues in a proactive manner. The risk is strongly related to how the business processes are carried out. By understanding a process (i.e. through being able to simulate it) the business may predict how the risk is changing during the execution of that process. The explicit description of processes permits to add a few “check-points” within any process to examine its risk-related “health”.
Business processes act as a skeleton to which the enterprise adds risk management (as shown on the picture below) – each usual activity is enriched by risk-related monitoring and evaluation.
The risk evaluation may initiate some risk mitigation processes. The risk evaluation may be as complex as necessary, and it may include simulations (e.g. value at risk and stress testing), and the conduct of statistical and scenario analysis.
IT-generic capabilities involvedThe following IT-generic capabilities are involved into the ERM platform:
- Enterprise resource planning platform
- Data analytic
- Business process management platform
- Business intelligence platform
- Business rules management platform
- Document management platform
- Corporate portal