Lifecycle
The implementation of Business Governance is not a one-time event but a continuous activity aiming at the systematic improvement of alignment/compliance with Corporate Governance requirements. The continuous improvement activity of Business Governance embraces all components of Governance Frameworks including ICS, ERM and IT RM/RA at both the design and execution levels.
The figure presents a schematic overview of the Business Governance life cycle.
Following the main elements of a Business Governance life cycle have been identified:
- Cycle of business process and IT services (light-gray objects). Triggered by Governance Frameworks requirements, different business processes and IT services are modified and implemented. These processes are executed and IT services are delivered in the execution phase. As a result of requirements modifications (e.g. new law) or changes in the company (new products, new markets, etc), an adaptation of processes and IT services might be necessary again.
- The ICS (blue objects) has its own cycle. It is designed to control alignment with Governance Framework regulations but it also controls other aspects (e.g. conformity with national law, etc). Therefore it is expected that in the design phase the ICS will rather be adapted and extended to meet Business Governance requirements instead of creating a new ICS. In the execution phase, different aspects of the company are monitored. As a result, ICS could be adapted (e.g. to improve measurement system).
- The figure below presents a detailed life cycle of the ICS. It should be noted that the Information and communication component is present at both levels and enables the communication between design and execution
- Enterprise Risk Management also follows the cycle described in detail in before. There is an information flow between ERM and design and execution of business process, IT services and ICS (represented by grey arrows). These interfaces are out of scope in the Project. However, some ERM processes are identical with ICS processes, which are represented in process documentation using the references between these processes.
- The IT RM/RA Framework cycleRisk Management Inventory is described in relative section. The red arrows show the information flow between Governance Framework processes and IT RM/RA Framework. These are the interfaces representing integration of these two elements. The interfaces are built based on the same concept as in the other ENISA project Demonstrators of RM/RA in business processes.
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...