Design (process flow)
Implementation of Business Governance - design level (process flow)
The figure presents in an abstract form the components of the delivered process models for the generic Governance Framework implementation at the Design level. The structure of the figure follows the idea created for the conceptual representation and the contents are available in form of a model that is part of this deliverable.
The following processes were identified:
- Perform Governance Framework gap analysis – in this process gaps between processes, IT services and organisational structure and Governance Frameworks requirements are determined.
- Evaluate (Governance) Framework implementation scenarios – various scenarios can result both from different variants in Governance Framework requirements (e.g. BASEL II requirements regarding the measurement of operational risks) as well as different implementation approaches the particular company could select for the same requirement. These scenarios are evaluated in this process.
- Develop project plans – Governance Framework requirements affect different areas of company and may run within smaller, dedicated implementation efforts (e.g. small projects). Plans for these projects (including analysis of dependencies) are developed in this step.
- Execute projects – projects described in the previous step are executed here. If the change in IT service is required, the process moves to the Design IT service and consequently to the process Develop IT service.
- Design Internal Control System - in parallel to Develop project plans, the Internal Control System is designed. For the detailed description of the ICS design and execution process, please refer to ICS section.
- Test Governance Framework environment – after implementation of Governance Framework requirements, the modified processes and IT services should be tested.
- Perform internal/external audit – the audit checks the alignment of a company with Framework requirements. Depending on Governance Framework, the audit can be performed by an external institution or using the company’s internal resources.
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...