Business Governance Expert |
Monitor changes in Governance Frameworks |
Monitor changes in best practices |
Consulted |
|
Monitor changes in Governance Frameworks |
Monitor changes in normative acts |
Consulted |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in organisational structure |
Consulted |
|
Perform Governance Framework gap analysis |
Analyse framework requirements |
Consulted |
|
Perform Governance Framework gap analysis |
Assess gaps in processes |
Consulted |
|
Perform Governance Framework gap analysis |
Assess of gaps in organisational structure |
Consulted |
|
Perform Governance Framework gap analysis |
Categorise framework requirements |
Consulted |
|
Perform Governance Framework gap analysis |
Create TO-BE model for processes |
Consulted |
|
Perform Governance Framework gap analysis |
Create TO-BE model in organisational structure |
Consulted |
|
Perform Governance Framework gap analysis |
Develop final report |
Consulted |
|
Perform Governance Framework gap analysis |
Identify affected areas in organisation |
Consulted |
|
Perform Governance Framework gap analysis |
Identify relevant variants within framework |
Consulted |
|
Perform Governance Framework gap analysis |
Include local framework adaptation |
Consulted |
|
Test Governance Framework environment |
Test infrastructure |
Consulted |
|
Test Governance Framework environment |
Test processes and procedures |
Consulted |
Internal/External Audit |
Assess risks ICS ERM |
Estimate likelihood and impact |
Consulted |
|
Assess risks ICS ERM |
Identify relevant process risks |
Consulted |
|
Define business controls ICS |
Define controls on manual procedure base |
Consulted |
|
IT Monitor and Review - CGF |
Internal Audit |
Reference |
|
IT Monitor and Review - ERM |
Internal Audit |
Reference |
|
IT Monitor and Review - ICS |
Internal Audit |
Reference |
|
Monitor business operations ICS ERM |
Internal Audit |
Reference |
|
Monitor business operations ICS ERM |
Perform separate evaluations |
Responsible |
|
Monitor IT operations ICS |
Internal Audit |
Reference |
|
Monitor IT operations ICS |
Perform separate evaluations |
Responsible |
|
Perform internal/external audit |
Certify |
Responsible |
|
Perform internal/external audit |
Inform auditor about audit readiness |
Informed |
|
Perform internal/external audit |
Inspect given areas |
Responsible |
|
Perform internal/external audit |
Internal/External audit |
Reference |
|
Perform internal/external audit |
Report deficiencies |
Responsible |
IT Expert |
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) |
Responsible |
|
Assess and evaluate IT risks ICS |
Evaluate risks for IT service(s) |
Responsible |
|
Assess and evaluate IT risks ICS |
IT Expert |
Reference |
|
Assess IT environment ICS |
Asses IT environment |
Responsible |
|
Assess IT environment ICS |
IT Expert |
Reference |
|
Assess risks ICS ERM |
Estimate likelihood and impact |
Consulted |
|
Assess risks ICS ERM |
IT Expert |
Reference |
|
Collect event details ICS |
Assign event to IT service/IT service process |
Consulted |
|
Define business controls ICS |
Assigning controls to the business processes |
Consulted |
|
Define IT controls ICS |
Assigning controls to the business processes |
Consulted |
|
Define IT controls ICS |
Configure IT service |
Responsible |
|
Define IT controls ICS |
Evaluate possible IT controls |
Informed |
|
Define IT controls ICS |
Identify IT control requirements |
Responsible |
|
Define IT controls ICS |
IT Expert |
Reference |
|
Define risk response ICS ERM |
Develop implementation plan |
Consulted |
|
Define risk response ICS ERM |
Implement plan |
Consulted |
|
Design IT service |
Define TO-BE applications landscape |
Responsible |
|
Design IT service |
Define TO-BE communication elements |
Responsible |
|
Design IT service |
Define TO-BE infrastructure elements |
Responsible |
|
Design IT service |
Define TO-BE IT service process |
Responsible |
|
Design IT service |
Design implementation scenarios |
Responsible |
|
Design IT service |
Evaluate implementation scenarios |
Responsible |
|
Design IT service |
IT Expert |
Reference |
|
Develop projects plans |
Split implement. into smaller projects |
Consulted |
|
Evaluate Framework implementation scenarios |
Align road map with company strategy |
Consulted |
|
Evaluate Framework implementation scenarios |
Decide on final vision |
Consulted |
|
Evaluate Framework implementation scenarios |
Develop business case |
Consulted |
|
Evaluate Framework implementation scenarios |
Develop different imp. scenarios |
Consulted |
|
Evaluate Framework implementation scenarios |
Develop rough road map |
Consulted |
|
Evaluate Framework implementation scenarios |
Identify dependencies |
Consulted |
|
Evaluate Framework implementation scenarios |
Prioritise actions |
Consulted |
|
Evaluate possible risk responses ICS ERM |
Evaluate possible IT actions |
Responsible |
|
Evaluate possible risk responses ICS ERM |
IT Expert |
Reference |
|
Execute projects |
IT Expert |
Reference |
|
Manage changes in environment |
Analyse changes in IT |
Consulted |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in IT |
Responsible |
|
Perform Governance Framework gap analysis |
Assess gaps in IT |
Responsible |
|
Perform Governance Framework gap analysis |
Create TO-BE model in IT |
Responsible |
|
Perform Governance Framework gap analysis |
Develop final report |
Consulted |
|
Perform Governance Framework gap analysis |
Formulate requirements on IT services |
Responsible |
|
Perform Governance Framework gap analysis |
IT Expert |
Reference |
|
Test Governance Framework environment |
Test infrastructure |
Consulted |
IT Governance Expert |
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) |
Consulted |
|
Assess and evaluate IT risks ICS |
Evaluate risks for IT service(s) |
Consulted |
|
Define IT controls ICS |
Configure IT service |
Consulted |
|
Define IT controls ICS |
Evaluate possible IT controls |
Responsible |
|
Define IT controls ICS |
Identify IT control requirements |
Consulted |
|
Design IT service |
Design implementation scenarios |
Consulted |
|
Design IT service |
Evaluate implementation scenarios |
Consulted |
|
Perform Governance Framework gap analysis |
Assess gaps in IT |
Consulted |
|
Perform Governance Framework gap analysis |
Create TO-BE model in IT |
Consulted |
|
Test Governance Framework environment |
Test infrastructure |
Consulted |
Management |
Analyse internal environment ICS ERM |
Align risk culture to ERM |
Responsible role |
Middle Management |
Analyse internal environment ICS ERM |
Align human resource policies and practices to ERM needs |
Responsible |
|
Analyse internal environment ICS ERM |
Align Organisational structure |
Responsible |
|
Analyse internal environment ICS ERM |
Align risk culture to ERM |
Responsible |
|
Analyse internal environment ICS ERM |
Assign authority and responsibility |
Responsible |
|
Analyse internal environment ICS ERM |
Create an effective environment |
Responsible |
|
Analyse internal environment ICS ERM |
Specify the competency levels for particular jobs |
Responsible |
|
Define business controls ICS |
Assigning controls to the business processes |
Responsible |
|
Define business controls ICS |
Define controls on manual procedure base |
Responsible |
|
Define business controls ICS |
Documentation of business process controls |
Responsible |
|
Define business controls ICS |
Evaluate applicable types of control activities |
Consulted |
|
Define business controls ICS |
Middle Management |
Reference |
|
Define IT controls ICS |
Assigning controls to the business processes |
Responsible |
|
Define IT controls ICS |
Documentation of IT process controls |
Responsible |
|
Define IT controls ICS |
Evaluate possible IT controls |
Consulted |
|
Develop projects plans |
Split implement. into smaller projects |
Consulted |
|
Document procedures and processes ICS ERM |
Check of documentation of all main procedures and processes |
Informed |
|
Document procedures and processes ICS ERM |
Check of documentation of all main procedures and processes |
Accountable |
|
Document procedures and processes ICS ERM |
Documentation of missing processes |
Accountable |
|
Document procedures and processes ICS ERM |
Documentation of missing processes |
Informed |
|
Establish control activities ICS ERM |
Establish entity specific controls |
Consulted |
|
Establish control activities ICS ERM |
Hold training sessions |
Accountable |
|
Establish control activities ICS ERM |
Implement internal controls |
Responsible |
|
Manage changes in environment |
Analyse changes in business processes |
Consulted |
|
Manage changes in environment |
Analyse changes in organisational structure |
Consulted |
|
Monitor business operations ICS ERM |
Report deficiencies upstream |
Responsible |
|
Monitor IT operations ICS |
Report deficiencies upstream |
Responsible |
|
Perform Governance Framework gap analysis |
Create TO-BE model for processes |
Consulted |
|
Perform Governance Framework gap analysis |
Create TO-BE model in IT |
Consulted |
|
Perform Governance Framework gap analysis |
Create TO-BE model in organisational structure |
Consulted |
|
Perform Governance Framework gap analysis |
Identify affected areas in organisation |
Consulted |
Process Expert |
Assess risks ICS ERM |
Assess correlation of risks |
Responsible |
|
Assess risks ICS ERM |
Estimate likelihood and impact |
Consulted |
|
Assess risks ICS ERM |
Identify relevant process risks |
Responsible |
|
Assess risks ICS ERM |
Process Expert |
Reference |
|
Collect event details ICS |
Assign event to business process |
Consulted |
|
Define risk response ICS ERM |
Develop implementation plan |
Consulted |
|
Define risk response ICS ERM |
Identify risk responses |
Consulted |
|
Define risk response ICS ERM |
Implement plan |
Consulted |
|
Develop projects plans |
Split implement. into smaller projects |
Consulted |
|
Document procedures and processes ICS ERM |
Check of documentation of all main procedures and processes |
Responsible |
|
Document procedures and processes ICS ERM |
Documentation of missing processes |
Responsible |
|
Document procedures and processes ICS ERM |
Process Expert |
Reference |
|
Evaluate Framework implementation scenarios |
Align road map with company strategy |
Consulted |
|
Evaluate Framework implementation scenarios |
Decide on final vision |
Consulted |
|
Evaluate Framework implementation scenarios |
Develop business case |
Consulted |
|
Evaluate Framework implementation scenarios |
Develop different imp. scenarios |
Consulted |
|
Evaluate Framework implementation scenarios |
Develop rough road map |
Consulted |
|
Evaluate Framework implementation scenarios |
Identify dependencies |
Consulted |
|
Evaluate Framework implementation scenarios |
Prioritise actions |
Consulted |
|
Evaluate possible risk responses ICS ERM |
Assess costs vs. benefits |
Consulted |
|
Evaluate possible risk responses ICS ERM |
Evaluate effect of response on likelihood and impact |
Consulted |
|
Manage changes in environment |
Analyse changes in business processes |
Consulted |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in organisational structure |
Consulted |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in processes |
Consulted |
|
Perform Governance Framework gap analysis |
Assess gaps in processes |
Consulted |
|
Perform Governance Framework gap analysis |
Assess of gaps in organisational structure |
Consulted |
|
Perform Governance Framework gap analysis |
Create TO-BE model for processes |
Consulted |
|
Perform Governance Framework gap analysis |
Create TO-BE model in organisational structure |
Consulted |
|
Perform Governance Framework gap analysis |
Develop final report |
Consulted |
|
Perform Governance Framework gap analysis |
Formulate req. on organisational structure |
Consulted |
Project Manager |
Develop projects plans |
Analyse dependencies with other projects |
Responsible |
|
Develop projects plans |
Identify projects steps and deliverables |
Responsible |
|
Develop projects plans |
Project Manager |
Reference |
|
Develop projects plans |
Schedule projects in details |
Responsible |
|
Evaluate Framework implementation scenarios |
Decide on final vision |
Responsible |
|
Execute projects |
Execute changes in organisational structure |
Accountable |
|
Execute projects |
Execute process changes |
Accountable |
|
Execute projects |
Identify deviations from agreed plan of implementation |
Accountable |
Project Team |
Develop projects plans |
Schedule projects in details |
Consulted |
|
Develop projects plans |
Split implement. into smaller projects |
Responsible |
|
Evaluate Framework implementation scenarios |
Align road map with company strategy |
Responsible |
|
Evaluate Framework implementation scenarios |
Decide on final vision |
Consulted |
|
Evaluate Framework implementation scenarios |
Develop business case |
Responsible |
|
Evaluate Framework implementation scenarios |
Develop different imp. scenarios |
Responsible |
|
Evaluate Framework implementation scenarios |
Develop rough road map |
Responsible |
|
Evaluate Framework implementation scenarios |
Identify dependencies |
Responsible |
|
Evaluate Framework implementation scenarios |
Prioritise actions |
Responsible |
|
Evaluate Framework implementation scenarios |
Project Team |
Reference |
|
Execute projects |
Execute changes in organisational structure |
Responsible |
|
Execute projects |
Execute process changes |
Responsible |
|
Execute projects |
Identify deviations from agreed plan of implementation |
Responsible |
|
Execute projects |
Project Team |
Reference |
|
Manage changes in environment |
Analyse changes in business processes |
Responsible |
|
Manage changes in environment |
Analyse changes in external environment |
Responsible |
|
Manage changes in environment |
Analyse changes in IT |
Responsible |
|
Manage changes in environment |
Analyse changes in organisational structure |
Responsible |
|
Manage changes in environment |
Project Team |
Reference |
|
Monitor changes in Governance Frameworks |
Monitor changes in best practices |
Responsible |
|
Monitor changes in Governance Frameworks |
Monitor changes in normative acts |
Responsible |
|
Monitor changes in Governance Frameworks |
Project Team |
Reference |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in IT |
Consulted |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in organisational structure |
Responsible |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in organisational structure |
Responsible role |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in processes |
Responsible |
|
Perform Governance Framework gap analysis |
Analyse framework requirements |
Responsible |
|
Perform Governance Framework gap analysis |
Assess gaps in IT |
Consulted |
|
Perform Governance Framework gap analysis |
Assess gaps in processes |
Responsible |
|
Perform Governance Framework gap analysis |
Assess of gaps in organisational structure |
Responsible |
|
Perform Governance Framework gap analysis |
Assess of gaps in organisational structure |
Responsible role |
|
Perform Governance Framework gap analysis |
Categorise framework requirements |
Responsible |
|
Perform Governance Framework gap analysis |
Create TO-BE model for processes |
Responsible |
|
Perform Governance Framework gap analysis |
Create TO-BE model in IT |
Consulted |
|
Perform Governance Framework gap analysis |
Create TO-BE model in organisational structure |
Responsible |
|
Perform Governance Framework gap analysis |
Create TO-BE model in organisational structure |
Responsible role |
|
Perform Governance Framework gap analysis |
Develop final report |
Consulted |
|
Perform Governance Framework gap analysis |
Develop final report |
Responsible |
|
Perform Governance Framework gap analysis |
Formulate req. on organisational structure |
Responsible |
|
Perform Governance Framework gap analysis |
Formulate requirements on IT services |
Consulted |
|
Perform Governance Framework gap analysis |
Identify affected areas in organisation |
Responsible |
|
Perform Governance Framework gap analysis |
Identify relevant variants within framework |
Responsible |
|
Perform Governance Framework gap analysis |
Include local framework adaptation |
Responsible |
|
Perform Governance Framework gap analysis |
Project Team |
Reference |
|
Perform internal/external audit |
Inform auditor about audit readiness |
Responsible |
|
Perform internal/external audit |
Project Team |
Reference |
|
Test Governance Framework environment |
Correct problems |
Responsible |
|
Test Governance Framework environment |
Evaluate test results |
Responsible |
|
Test Governance Framework environment |
Project Team |
Reference |
|
Test Governance Framework environment |
Test infrastructure |
Responsible |
|
Test Governance Framework environment |
Test processes and procedures |
Responsible |
Risk Manager |
Assess risks ICS ERM |
Assess correlation of risks |
Accountable |
|
Assess risks ICS ERM |
Estimate likelihood and impact |
Responsible |
|
Assess risks ICS ERM |
Estimate likelihood and impact |
Responsible role |
|
Assess risks ICS ERM |
Identify relevant process risks |
Accountable |
|
Assess risks ICS ERM |
Identify relevant process risks |
Responsible role |
|
Assess risks ICS ERM |
Identify relevant process risks |
Consulted |
|
Assess risks ICS ERM |
Risk Manager |
Reference |
|
Assess risks ICS ERM |
Use qualitative methodologies and techniques |
Responsible |
|
Assess risks ICS ERM |
Use quantitative methodologies and techniques |
Responsible |
|
Collect event details ICS |
Assign event to risk |
Consulted |
|
Collect event details ICS |
Record request for extension of risk catalogue |
Consulted |
|
Define business controls ICS |
Assigning controls to the business processes |
Consulted |
|
Define business controls ICS |
Define controls on manual procedure base |
Consulted |
|
Define IT controls ICS |
Assigning controls to the business processes |
Consulted |
|
Define IT controls ICS |
Evaluate possible IT controls |
Consulted |
|
Define IT controls ICS |
Identify IT control requirements |
Consulted |
|
Define risk response ICS ERM |
Develop implementation plan |
Accountable |
|
Define risk response ICS ERM |
Develop implementation plan |
Consulted |
|
Define risk response ICS ERM |
Implement plan |
Accountable |
|
Design IT service |
Evaluate implementation scenarios |
Consulted |
|
Evaluate possible risk responses ICS ERM |
Evaluate possible IT actions |
Accountable |
|
IT Definition of Scope and Framework - CGF |
Risk Manager |
Reference |
|
IT Definition of Scope and Framework - ERM |
Risk Manager |
Reference |
|
IT Definition of Scope and Framework - ICS |
Risk Manager |
Reference |
|
IT Risk Acceptance - CGF |
Risk Manager |
Reference |
|
IT Risk Acceptance - ERM |
Risk Manager |
Reference |
|
IT Risk Acceptance - ICS |
Risk Manager |
Reference |
|
IT Risk Assessment - CGF |
Risk Manager |
Reference |
|
IT Risk Assessment - ERM |
Risk Manager |
Reference |
|
IT Risk Assessment - ICS |
Risk Manager |
Reference |
|
IT Risk Communication - CGF |
Risk Manager |
Reference |
|
IT Risk Communication - ERM |
Risk Manager |
Reference |
|
IT Risk Communication - ICS |
Risk Manager |
Reference |
|
IT Risk Treatment - CGF |
Risk Manager |
Reference |
|
IT Risk Treatment - ERM |
Risk Manager |
Reference |
|
IT Risk Treatment - ICS |
Risk Manager |
Reference |
Risk officers |
Analyse internal environment ICS ERM |
Assess differences in environment and their impact on ERM |
Responsible |
|
Collect event details ICS |
Assign event to business process |
Responsible |
|
Collect event details ICS |
Assign event to IT service/IT service process |
Responsible |
|
Collect event details ICS |
Assign event to risk |
Responsible |
|
Collect event details ICS |
Record event details |
Responsible |
|
Collect event details ICS |
Record request for extension of risk catalogue |
Responsible |
|
Collect event details ICS |
Risk officers |
Reference |
|
Define business controls ICS |
Evaluate applicable types of control activities |
Responsible |
|
Define business controls ICS |
Risk officers |
Reference |
|
Define risk response ICS ERM |
Align responses within portfolio |
Responsible |
|
Define risk response ICS ERM |
Identify risk responses |
Responsible |
|
Define risk response ICS ERM |
Select response |
Responsible |
|
Develop reports |
Develop ad-hoc reports |
Consulted |
|
Develop reports |
Develop periodical reports |
Consulted |
|
Establish control activities ICS ERM |
Establish control baseline |
Responsible |
|
Establish control activities ICS ERM |
Establish entity specific controls |
Responsible |
|
Establish control activities ICS ERM |
Prioritise monitoring procedures |
Responsible |
|
Evaluate possible risk responses ICS ERM |
Assess costs vs. benefits |
Responsible |
|
Evaluate possible risk responses ICS ERM |
Evaluate effect of response on likelihood and impact |
Responsible |
|
Evaluate possible risk responses ICS ERM |
Identify opportunities in response options |
Responsible |
|
Evaluate possible risk responses ICS ERM |
Risk officers |
Reference |
|
Identify events ERM |
Categorise events |
Responsible |
|
Identify events ERM |
Consider range of potential events |
Responsible |
|
Identify events ERM |
Distinguish risks and opportunities |
Responsible |
|
Identify events ERM |
Establish event interdependencies |
Responsible |
|
Identify events ERM |
Establish factors influencing strategy and objectives |
Responsible |
|
Identify events ERM |
Risk officers |
Reference |
|
Identify events ERM |
Select event identification methodology and techniques |
Responsible |
Risk Owner |
Assess risks ICS ERM |
Estimate likelihood and impact |
Consulted |
|
Assess risks ICS ERM |
Identify relevant process risks |
Consulted |
|
Collect event details ICS |
Assign event to business process |
Consulted |
|
Collect event details ICS |
Assign event to IT service/IT service process |
Consulted |
|
Collect event details ICS |
Assign event to risk |
Consulted |
|
Collect event details ICS |
Record request for extension of risk catalogue |
Consulted |
|
Define business controls ICS |
Assigning controls to the business processes |
Consulted |
|
Define business controls ICS |
Define controls on manual procedure base |
Consulted |
|
Define IT controls ICS |
Assigning controls to the business processes |
Consulted |
|
Define risk response ICS ERM |
Develop implementation plan |
Responsible |
|
Define risk response ICS ERM |
Implement plan |
Responsible |
|
IT Risk Treatment - CGF |
Risk Owner |
Reference |
|
IT Risk Treatment - ERM |
Risk Owner |
Reference |
|
IT Risk Treatment - ICS |
Risk Owner |
Reference |
Senior Management |
Analyse internal environment ICS ERM |
Agree level of risk appetite |
Responsible |
|
Analyse internal environment ICS ERM |
Agree level of risk appetite |
Responsible role |
|
Analyse internal environment ICS ERM |
Align human resource policies and practices to ERM needs |
Accountable |
|
Analyse internal environment ICS ERM |
Align Organisational structure |
Accountable |
|
Analyse internal environment ICS ERM |
Align risk culture to ERM |
Accountable |
|
Analyse internal environment ICS ERM |
Assess differences in environment and their impact on ERM |
Accountable |
|
Analyse internal environment ICS ERM |
Assign authority and responsibility |
Accountable |
|
Analyse internal environment ICS ERM |
Create an effective environment |
Accountable |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy |
Responsible |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy |
Responsible role |
|
Analyse internal environment ICS ERM |
Ensure proper oversight from Board of Directors |
Responsible |
|
Analyse internal environment ICS ERM |
Ensure proper oversight from Board of Directors |
Responsible role |
|
Analyse internal environment ICS ERM |
Establish ethical values |
Responsible |
|
Assess IT environment ICS |
Asses IT environment |
Accountable |
|
Assess risks ICS ERM |
Estimate likelihood and impact |
Informed |
|
Assess risks ICS ERM |
Estimate likelihood and impact |
Accountable |
|
Assess risks ICS ERM |
Identify relevant process risks |
Informed |
|
Define business controls ICS |
Assigning controls to the business processes |
Accountable |
|
Define business controls ICS |
Define controls on manual procedure base |
Accountable |
|
Define business controls ICS |
Define controls on manual procedure base |
Informed |
|
Define IT controls ICS |
Assigning controls to the business processes |
Accountable |
|
Define risk response ICS ERM |
Implement plan |
Informed |
|
Develop projects plans |
Analyse dependencies with other projects |
Consulted |
|
Develop projects plans |
Identify projects steps and deliverables |
Consulted |
|
Disclose required information |
Disclose required information |
Consulted |
|
Establish control activities ICS ERM |
Prioritise monitoring procedures |
Consulted |
|
Evaluate Framework implementation scenarios |
Decide on final vision |
Consulted |
|
Identify events ERM |
Categorise events |
Accountable |
|
Identify events ERM |
Consider range of potential events |
Accountable |
|
Identify events ERM |
Distinguish risks and opportunities |
Accountable |
|
Identify events ERM |
Establish event interdependencies |
Accountable |
|
Identify events ERM |
Establish factors influencing strategy and objectives |
Accountable |
|
Identify events ERM |
Select event identification methodology and techniques |
Accountable |
|
Information & communication ICS ERM |
Align communication with ERM strategy |
Responsible |
|
Information & communication ICS ERM |
Maintain strategic and integrated systems |
Responsible |
|
Information & communication ICS ERM |
Provide actionable information |
Responsible |
|
Information & communication ICS ERM |
Senior Management |
Reference |
|
Manage changes in environment |
Analyse changes in external environment |
Consulted |
|
Set objective ICS ERM |
Align with strategy and risk appetite |
Responsible |
|
Set objective ICS ERM |
Ensure selected objectives support strategy |
Responsible |
|
Set objective ICS ERM |
Establish strategic objectives |
Responsible |
|
Set objective ICS ERM |
Identify critical success factors |
Responsible |
|
Set objective ICS ERM |
Senior Management |
Reference |
|
Set objective ICS ERM |
Set risk tolerances |
Responsible |
Staff |
Develop reports |
Develop ad-hoc reports |
Responsible |
|
Develop reports |
Develop periodical reports |
Responsible |
|
Disclose required information |
Disclose required information |
Responsible |
|
Disclose required information |
Staff |
Reference |
|
Establish control activities ICS ERM |
Hold training sessions |
Responsible |
|
Monitor business operations ICS ERM |
Perform ongoing monitoring activities |
Responsible |
|
Monitor IT operations ICS |
Perform ongoing monitoring activities |
Responsible |