A conceptual model for enterprise risk management
Journal of Enterprise Information Management
ISSN: 1741-0398
Article publication date: 13 August 2019
Issue publication date: 21 August 2019
Abstract
Purpose
The purpose of this paper is to ease the ISO 31000 standard understanding and provide mechanisms that allow organizations to adopt and adapt this standard to their reality.
Design/methodology/approach
The research methodology adopted in this research was the design science research methodology.
Findings
Key finding is that enterprise architecture (EA) models and EA tools can help reduce the complexity of the ISO 31000 standard and improve the communication between stakeholders.
Practical implications
The research proposal serves the purpose of supporting the evidence collection for an enterprise risk management (ERM) initiative in an as-was, as-is, or to-be perspective.
Originality/value
Traditional ERM efforts operate on silos, limiting the sharing of risk information and the achievement of an organization-wide view of risks. EA can provide a common way to model complex business systems, from the strategic level to implementation details. This paper proposes the use of an EA model and an EA tool (Atlas) to represent ISO 31000, allowing a better understanding on the value of assets that can be affected from the manifestation of some risks over time.
Keywords
Citation
Almeida, R., Teixeira, J.M., Mira da Silva, M. and Faroleiro, P. (2019), "A conceptual model for enterprise risk management", Journal of Enterprise Information Management, Vol. 32 No. 5, pp. 843-868. https://doi.org/10.1108/JEIM-05-2018-0097
Publisher
:Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited