A conceptual model for enterprise risk management

摘要

Purpose The purpose of this paper is to ease the ISO 31000 standard understanding and provide mechanisms that allow organizations to adopt and adapt this standard to their reality. Design/methodology/approach The research methodology adopted in this research was the design science research methodology. Findings Key finding is that enterprise architecture (EA) models and EA tools can help reduce the complexity of the ISO 31000 standard and improve the communication between stakeholders. Practical implications - The research proposal serves the purpose of supporting the evidence collection for an enterprise risk management (ERM) initiative in an as-was, as-is, or to-be perspective. Originality/value Traditional ERM efforts operate on silos, limiting the sharing of risk information and the achievement of an organization-wide view of risks. EA can provide a common way to model complex business systems, from the strategic level to implementation details. This paper proposes the use of an EA model and an EA tool (Atlas) to represent ISO 31000, allowing a better understanding on the value of assets that can be affected from the manifestation of some risks over time.