Object Referenced from model Referenced from object Referenced from attribute
Business Governance Expert Monitor changes in Governance Frameworks Monitor changes in best practices Consulted
Monitor changes in Governance Frameworks Monitor changes in normative acts Consulted
Perform Governance Framework gap analysis Analyse AS-IS state in organisational structure Consulted
Perform Governance Framework gap analysis Analyse framework requirements Consulted
Perform Governance Framework gap analysis Assess gaps in processes Consulted
Perform Governance Framework gap analysis Assess of gaps in organisational structure Consulted
Perform Governance Framework gap analysis Categorise framework requirements Consulted
Perform Governance Framework gap analysis Create TO-BE model for processes Consulted
Perform Governance Framework gap analysis Create TO-BE model in organisational structure Consulted
Perform Governance Framework gap analysis Develop final report Consulted
Perform Governance Framework gap analysis Identify affected areas in organisation Consulted
Perform Governance Framework gap analysis Identify relevant variants within framework Consulted
Perform Governance Framework gap analysis Include local framework adaptation Consulted
Test Governance Framework environment Test infrastructure Consulted
Test Governance Framework environment Test processes and procedures Consulted
Internal/External Audit Assess risks ICS ERM Estimate likelihood and impact Consulted
Assess risks ICS ERM Identify relevant process risks Consulted
Define business controls ICS Define controls on manual procedure base Consulted
IT Monitor and Review - CGF Internal Audit Reference
IT Monitor and Review - ERM Internal Audit Reference
IT Monitor and Review - ICS Internal Audit Reference
Monitor business operations ICS ERM Internal Audit Reference
Monitor business operations ICS ERM Perform separate evaluations Responsible
Monitor IT operations ICS Internal Audit Reference
Monitor IT operations ICS Perform separate evaluations Responsible
Perform internal/external audit Certify Responsible
Perform internal/external audit Inform auditor about audit readiness Informed
Perform internal/external audit Inspect given areas Responsible
Perform internal/external audit Internal/External audit Reference
Perform internal/external audit Report deficiencies Responsible
IT Expert Assess and evaluate IT risks ICS Assess risks in IT service(s) Responsible
Assess and evaluate IT risks ICS Evaluate risks for IT service(s) Responsible
Assess and evaluate IT risks ICS IT Expert Reference
Assess IT environment ICS Asses IT environment Responsible
Assess IT environment ICS IT Expert Reference
Assess risks ICS ERM Estimate likelihood and impact Consulted
Assess risks ICS ERM IT Expert Reference
Collect event details ICS Assign event to IT service/IT service process Consulted
Define business controls ICS Assigning controls to the business processes Consulted
Define IT controls ICS Assigning controls to the business processes Consulted
Define IT controls ICS Configure IT service Responsible
Define IT controls ICS Evaluate possible IT controls Informed
Define IT controls ICS Identify IT control requirements Responsible
Define IT controls ICS IT Expert Reference
Define risk response ICS ERM Develop implementation plan Consulted
Define risk response ICS ERM Implement plan Consulted
Design IT service Define TO-BE applications landscape Responsible
Design IT service Define TO-BE communication elements Responsible
Design IT service Define TO-BE infrastructure elements Responsible
Design IT service Define TO-BE IT service process Responsible
Design IT service Design implementation scenarios Responsible
Design IT service Evaluate implementation scenarios Responsible
Design IT service IT Expert Reference
Develop projects plans Split implement. into smaller projects Consulted
Evaluate Framework implementation scenarios Align road map with company strategy Consulted
Evaluate Framework implementation scenarios Decide on final vision Consulted
Evaluate Framework implementation scenarios Develop business case Consulted
Evaluate Framework implementation scenarios Develop different imp. scenarios Consulted
Evaluate Framework implementation scenarios Develop rough road map Consulted
Evaluate Framework implementation scenarios Identify dependencies Consulted
Evaluate Framework implementation scenarios Prioritise actions Consulted
Evaluate possible risk responses ICS ERM Evaluate possible IT actions Responsible
Evaluate possible risk responses ICS ERM IT Expert Reference
Execute projects IT Expert Reference
Manage changes in environment Analyse changes in IT Consulted
Perform Governance Framework gap analysis Analyse AS-IS state in IT Responsible
Perform Governance Framework gap analysis Assess gaps in IT Responsible
Perform Governance Framework gap analysis Create TO-BE model in IT Responsible
Perform Governance Framework gap analysis Develop final report Consulted
Perform Governance Framework gap analysis Formulate requirements on IT services Responsible
Perform Governance Framework gap analysis IT Expert Reference
Test Governance Framework environment Test infrastructure Consulted
IT Governance Expert Assess and evaluate IT risks ICS Assess risks in IT service(s) Consulted
Assess and evaluate IT risks ICS Evaluate risks for IT service(s) Consulted
Define IT controls ICS Configure IT service Consulted
Define IT controls ICS Evaluate possible IT controls Responsible
Define IT controls ICS Identify IT control requirements Consulted
Design IT service Design implementation scenarios Consulted
Design IT service Evaluate implementation scenarios Consulted
Perform Governance Framework gap analysis Assess gaps in IT Consulted
Perform Governance Framework gap analysis Create TO-BE model in IT Consulted
Test Governance Framework environment Test infrastructure Consulted
Management Analyse internal environment ICS ERM Align risk culture to ERM Responsible role
Middle Management Analyse internal environment ICS ERM Align human resource policies and practices to ERM needs Responsible
Analyse internal environment ICS ERM Align Organisational structure Responsible
Analyse internal environment ICS ERM Align risk culture to ERM Responsible
Analyse internal environment ICS ERM Assign authority and responsibility Responsible
Analyse internal environment ICS ERM Create an effective environment Responsible
Analyse internal environment ICS ERM Specify the competency levels for particular jobs Responsible
Define business controls ICS Assigning controls to the business processes Responsible
Define business controls ICS Define controls on manual procedure base Responsible
Define business controls ICS Documentation of business process controls Responsible
Define business controls ICS Evaluate applicable types of control activities Consulted
Define business controls ICS Middle Management Reference
Define IT controls ICS Assigning controls to the business processes Responsible
Define IT controls ICS Documentation of IT process controls Responsible
Define IT controls ICS Evaluate possible IT controls Consulted
Develop projects plans Split implement. into smaller projects Consulted
Document procedures and processes ICS ERM Check of documentation of all main procedures and processes Informed
Document procedures and processes ICS ERM Check of documentation of all main procedures and processes Accountable
Document procedures and processes ICS ERM Documentation of missing processes Accountable
Document procedures and processes ICS ERM Documentation of missing processes Informed
Establish control activities ICS ERM Establish entity specific controls Consulted
Establish control activities ICS ERM Hold training sessions Accountable
Establish control activities ICS ERM Implement internal controls Responsible
Manage changes in environment Analyse changes in business processes Consulted
Manage changes in environment Analyse changes in organisational structure Consulted
Monitor business operations ICS ERM Report deficiencies upstream Responsible
Monitor IT operations ICS Report deficiencies upstream Responsible
Perform Governance Framework gap analysis Create TO-BE model for processes Consulted
Perform Governance Framework gap analysis Create TO-BE model in IT Consulted
Perform Governance Framework gap analysis Create TO-BE model in organisational structure Consulted
Perform Governance Framework gap analysis Identify affected areas in organisation Consulted
Process Expert Assess risks ICS ERM Assess correlation of risks Responsible
Assess risks ICS ERM Estimate likelihood and impact Consulted
Assess risks ICS ERM Identify relevant process risks Responsible
Assess risks ICS ERM Process Expert Reference
Collect event details ICS Assign event to business process Consulted
Define risk response ICS ERM Develop implementation plan Consulted
Define risk response ICS ERM Identify risk responses Consulted
Define risk response ICS ERM Implement plan Consulted
Develop projects plans Split implement. into smaller projects Consulted
Document procedures and processes ICS ERM Check of documentation of all main procedures and processes Responsible
Document procedures and processes ICS ERM Documentation of missing processes Responsible
Document procedures and processes ICS ERM Process Expert Reference
Evaluate Framework implementation scenarios Align road map with company strategy Consulted
Evaluate Framework implementation scenarios Decide on final vision Consulted
Evaluate Framework implementation scenarios Develop business case Consulted
Evaluate Framework implementation scenarios Develop different imp. scenarios Consulted
Evaluate Framework implementation scenarios Develop rough road map Consulted
Evaluate Framework implementation scenarios Identify dependencies Consulted
Evaluate Framework implementation scenarios Prioritise actions Consulted
Evaluate possible risk responses ICS ERM Assess costs vs. benefits Consulted
Evaluate possible risk responses ICS ERM Evaluate effect of response on likelihood and impact Consulted
Manage changes in environment Analyse changes in business processes Consulted
Perform Governance Framework gap analysis Analyse AS-IS state in organisational structure Consulted
Perform Governance Framework gap analysis Analyse AS-IS state in processes Consulted
Perform Governance Framework gap analysis Assess gaps in processes Consulted
Perform Governance Framework gap analysis Assess of gaps in organisational structure Consulted
Perform Governance Framework gap analysis Create TO-BE model for processes Consulted
Perform Governance Framework gap analysis Create TO-BE model in organisational structure Consulted
Perform Governance Framework gap analysis Develop final report Consulted
Perform Governance Framework gap analysis Formulate req. on organisational structure Consulted
Project Manager Develop projects plans Analyse dependencies with other projects Responsible
Develop projects plans Identify projects steps and deliverables Responsible
Develop projects plans Project Manager Reference
Develop projects plans Schedule projects in details Responsible
Evaluate Framework implementation scenarios Decide on final vision Responsible
Execute projects Execute changes in organisational structure Accountable
Execute projects Execute process changes Accountable
Execute projects Identify deviations from agreed plan of implementation Accountable
Project Team Develop projects plans Schedule projects in details Consulted
Develop projects plans Split implement. into smaller projects Responsible
Evaluate Framework implementation scenarios Align road map with company strategy Responsible
Evaluate Framework implementation scenarios Decide on final vision Consulted
Evaluate Framework implementation scenarios Develop business case Responsible
Evaluate Framework implementation scenarios Develop different imp. scenarios Responsible
Evaluate Framework implementation scenarios Develop rough road map Responsible
Evaluate Framework implementation scenarios Identify dependencies Responsible
Evaluate Framework implementation scenarios Prioritise actions Responsible
Evaluate Framework implementation scenarios Project Team Reference
Execute projects Execute changes in organisational structure Responsible
Execute projects Execute process changes Responsible
Execute projects Identify deviations from agreed plan of implementation Responsible
Execute projects Project Team Reference
Manage changes in environment Analyse changes in business processes Responsible
Manage changes in environment Analyse changes in external environment Responsible
Manage changes in environment Analyse changes in IT Responsible
Manage changes in environment Analyse changes in organisational structure Responsible
Manage changes in environment Project Team Reference
Monitor changes in Governance Frameworks Monitor changes in best practices Responsible
Monitor changes in Governance Frameworks Monitor changes in normative acts Responsible
Monitor changes in Governance Frameworks Project Team Reference
Perform Governance Framework gap analysis Analyse AS-IS state in IT Consulted
Perform Governance Framework gap analysis Analyse AS-IS state in organisational structure Responsible
Perform Governance Framework gap analysis Analyse AS-IS state in organisational structure Responsible role
Perform Governance Framework gap analysis Analyse AS-IS state in processes Responsible
Perform Governance Framework gap analysis Analyse framework requirements Responsible
Perform Governance Framework gap analysis Assess gaps in IT Consulted
Perform Governance Framework gap analysis Assess gaps in processes Responsible
Perform Governance Framework gap analysis Assess of gaps in organisational structure Responsible
Perform Governance Framework gap analysis Assess of gaps in organisational structure Responsible role
Perform Governance Framework gap analysis Categorise framework requirements Responsible
Perform Governance Framework gap analysis Create TO-BE model for processes Responsible
Perform Governance Framework gap analysis Create TO-BE model in IT Consulted
Perform Governance Framework gap analysis Create TO-BE model in organisational structure Responsible
Perform Governance Framework gap analysis Create TO-BE model in organisational structure Responsible role
Perform Governance Framework gap analysis Develop final report Consulted
Perform Governance Framework gap analysis Develop final report Responsible
Perform Governance Framework gap analysis Formulate req. on organisational structure Responsible
Perform Governance Framework gap analysis Formulate requirements on IT services Consulted
Perform Governance Framework gap analysis Identify affected areas in organisation Responsible
Perform Governance Framework gap analysis Identify relevant variants within framework Responsible
Perform Governance Framework gap analysis Include local framework adaptation Responsible
Perform Governance Framework gap analysis Project Team Reference
Perform internal/external audit Inform auditor about audit readiness Responsible
Perform internal/external audit Project Team Reference
Test Governance Framework environment Correct problems Responsible
Test Governance Framework environment Evaluate test results Responsible
Test Governance Framework environment Project Team Reference
Test Governance Framework environment Test infrastructure Responsible
Test Governance Framework environment Test processes and procedures Responsible
Risk Manager Assess risks ICS ERM Assess correlation of risks Accountable
Assess risks ICS ERM Estimate likelihood and impact Responsible
Assess risks ICS ERM Estimate likelihood and impact Responsible role
Assess risks ICS ERM Identify relevant process risks Accountable
Assess risks ICS ERM Identify relevant process risks Responsible role
Assess risks ICS ERM Identify relevant process risks Consulted
Assess risks ICS ERM Risk Manager Reference
Assess risks ICS ERM Use qualitative methodologies and techniques Responsible
Assess risks ICS ERM Use quantitative methodologies and techniques Responsible
Collect event details ICS Assign event to risk Consulted
Collect event details ICS Record request for extension of risk catalogue Consulted
Define business controls ICS Assigning controls to the business processes Consulted
Define business controls ICS Define controls on manual procedure base Consulted
Define IT controls ICS Assigning controls to the business processes Consulted
Define IT controls ICS Evaluate possible IT controls Consulted
Define IT controls ICS Identify IT control requirements Consulted
Define risk response ICS ERM Develop implementation plan Accountable
Define risk response ICS ERM Develop implementation plan Consulted
Define risk response ICS ERM Implement plan Accountable
Design IT service Evaluate implementation scenarios Consulted
Evaluate possible risk responses ICS ERM Evaluate possible IT actions Accountable
IT Definition of Scope and Framework - CGF Risk Manager Reference
IT Definition of Scope and Framework - ERM Risk Manager Reference
IT Definition of Scope and Framework - ICS Risk Manager Reference
IT Risk Acceptance - CGF Risk Manager Reference
IT Risk Acceptance - ERM Risk Manager Reference
IT Risk Acceptance - ICS Risk Manager Reference
IT Risk Assessment - CGF Risk Manager Reference
IT Risk Assessment - ERM Risk Manager Reference
IT Risk Assessment - ICS Risk Manager Reference
IT Risk Communication - CGF Risk Manager Reference
IT Risk Communication - ERM Risk Manager Reference
IT Risk Communication - ICS Risk Manager Reference
IT Risk Treatment - CGF Risk Manager Reference
IT Risk Treatment - ERM Risk Manager Reference
IT Risk Treatment - ICS Risk Manager Reference
Risk officers Analyse internal environment ICS ERM Assess differences in environment and their impact on ERM Responsible
Collect event details ICS Assign event to business process Responsible
Collect event details ICS Assign event to IT service/IT service process Responsible
Collect event details ICS Assign event to risk Responsible
Collect event details ICS Record event details Responsible
Collect event details ICS Record request for extension of risk catalogue Responsible
Collect event details ICS Risk officers Reference
Define business controls ICS Evaluate applicable types of control activities Responsible
Define business controls ICS Risk officers Reference
Define risk response ICS ERM Align responses within portfolio Responsible
Define risk response ICS ERM Identify risk responses Responsible
Define risk response ICS ERM Select response Responsible
Develop reports Develop ad-hoc reports Consulted
Develop reports Develop periodical reports Consulted
Establish control activities ICS ERM Establish control baseline Responsible
Establish control activities ICS ERM Establish entity specific controls Responsible
Establish control activities ICS ERM Prioritise monitoring procedures Responsible
Evaluate possible risk responses ICS ERM Assess costs vs. benefits Responsible
Evaluate possible risk responses ICS ERM Evaluate effect of response on likelihood and impact Responsible
Evaluate possible risk responses ICS ERM Identify opportunities in response options Responsible
Evaluate possible risk responses ICS ERM Risk officers Reference
Identify events ERM Categorise events Responsible
Identify events ERM Consider range of potential events Responsible
Identify events ERM Distinguish risks and opportunities Responsible
Identify events ERM Establish event interdependencies Responsible
Identify events ERM Establish factors influencing strategy and objectives Responsible
Identify events ERM Risk officers Reference
Identify events ERM Select event identification methodology and techniques Responsible
Risk Owner Assess risks ICS ERM Estimate likelihood and impact Consulted
Assess risks ICS ERM Identify relevant process risks Consulted
Collect event details ICS Assign event to business process Consulted
Collect event details ICS Assign event to IT service/IT service process Consulted
Collect event details ICS Assign event to risk Consulted
Collect event details ICS Record request for extension of risk catalogue Consulted
Define business controls ICS Assigning controls to the business processes Consulted
Define business controls ICS Define controls on manual procedure base Consulted
Define IT controls ICS Assigning controls to the business processes Consulted
Define risk response ICS ERM Develop implementation plan Responsible
Define risk response ICS ERM Implement plan Responsible
IT Risk Treatment - CGF Risk Owner Reference
IT Risk Treatment - ERM Risk Owner Reference
IT Risk Treatment - ICS Risk Owner Reference
Senior Management Analyse internal environment ICS ERM Agree level of risk appetite Responsible
Analyse internal environment ICS ERM Agree level of risk appetite Responsible role
Analyse internal environment ICS ERM Align human resource policies and practices to ERM needs Accountable
Analyse internal environment ICS ERM Align Organisational structure Accountable
Analyse internal environment ICS ERM Align risk culture to ERM Accountable
Analyse internal environment ICS ERM Assess differences in environment and their impact on ERM Accountable
Analyse internal environment ICS ERM Assign authority and responsibility Accountable
Analyse internal environment ICS ERM Create an effective environment Accountable
Analyse internal environment ICS ERM Create common view on enterprise risk management philosophy Responsible
Analyse internal environment ICS ERM Create common view on enterprise risk management philosophy Responsible role
Analyse internal environment ICS ERM Ensure proper oversight from Board of Directors Responsible
Analyse internal environment ICS ERM Ensure proper oversight from Board of Directors Responsible role
Analyse internal environment ICS ERM Establish ethical values Responsible
Assess IT environment ICS Asses IT environment Accountable
Assess risks ICS ERM Estimate likelihood and impact Informed
Assess risks ICS ERM Estimate likelihood and impact Accountable
Assess risks ICS ERM Identify relevant process risks Informed
Define business controls ICS Assigning controls to the business processes Accountable
Define business controls ICS Define controls on manual procedure base Accountable
Define business controls ICS Define controls on manual procedure base Informed
Define IT controls ICS Assigning controls to the business processes Accountable
Define risk response ICS ERM Implement plan Informed
Develop projects plans Analyse dependencies with other projects Consulted
Develop projects plans Identify projects steps and deliverables Consulted
Disclose required information Disclose required information Consulted
Establish control activities ICS ERM Prioritise monitoring procedures Consulted
Evaluate Framework implementation scenarios Decide on final vision Consulted
Identify events ERM Categorise events Accountable
Identify events ERM Consider range of potential events Accountable
Identify events ERM Distinguish risks and opportunities Accountable
Identify events ERM Establish event interdependencies Accountable
Identify events ERM Establish factors influencing strategy and objectives Accountable
Identify events ERM Select event identification methodology and techniques Accountable
Information & communication ICS ERM Align communication with ERM strategy Responsible
Information & communication ICS ERM Maintain strategic and integrated systems Responsible
Information & communication ICS ERM Provide actionable information Responsible
Information & communication ICS ERM Senior Management Reference
Manage changes in environment Analyse changes in external environment Consulted
Set objective ICS ERM Align with strategy and risk appetite Responsible
Set objective ICS ERM Ensure selected objectives support strategy Responsible
Set objective ICS ERM Establish strategic objectives Responsible
Set objective ICS ERM Identify critical success factors Responsible
Set objective ICS ERM Senior Management Reference
Set objective ICS ERM Set risk tolerances Responsible
Staff Develop reports Develop ad-hoc reports Responsible
Develop reports Develop periodical reports Responsible
Disclose required information Disclose required information Responsible
Disclose required information Staff Reference
Establish control activities ICS ERM Hold training sessions Responsible
Monitor business operations ICS ERM Perform ongoing monitoring activities Responsible
Monitor IT operations ICS Perform ongoing monitoring activities Responsible