Fig. 3. Conceptual Model for Risk Management
decisions to stakeholders”. A strong risk management structure can provide for
better decision making and strategy setting.
On its own, risk management cannot take full advantage of its capabilities.
It needs structured governance and compliance management in order to better
align business aims with risks and to assist audit management in improving controls,
which in turn will help detect and prevent risks. This way the organization as a
whole can benefit from all risk management capabilities.
So, in order to make risk management more effective in detecting and mitigating
risks that can compromise the achievement of business goals, risk identification
should be based on a holistic top-down approach by aligning risk
management with key corporate objectives defined by governance (see Fig. 3).
This approach enables risk management to be infused into the corporate culture,
quickly identifying gaps, while maintaining a proactive approach [24]. Accordingly,
risk appetite must be seen as a component of both the culture and strategy
of organizations.
By identifying information that is mutual or has influence between governance
and risk management, we can identify several specific points of integration:
1. The defined corporate objectives should be taken into consideration in the
identification of risks, adopting a top-down approach while avoiding an
expensive and ineffective bottom-up approach;