Actionable information |
Information & communication ICS ERM |
Inf2 |
Data |
|
Information & communication ICS ERM |
Provide actionable information |
Output data |
|
Information & communication ICS ERM |
Provide actionable information DP |
Mapping Target |
|
Information & communication ICS ERM |
Provide actionable information DP |
Mapping Target |
|
Information & communication ICS ERM |
Provide actionable information DP |
Mapping Target |
|
IT Risk Communication - ICS |
A.15 Risk communication - risk awareness - consulting DP |
Mapping Source |
|
IT Risk Communication - ICS |
Exchange Data2 |
Data |
Action plan |
Define risk response ICS ERM |
Align responses within portfolio |
Output data |
|
Define risk response ICS ERM |
Align responses within portfolio |
Input data |
|
Define risk response ICS ERM |
Def5 |
Data |
|
Define risk response ICS ERM |
Develop implementation plan |
Input data |
|
Define risk response ICS ERM |
Develop implementation plan DP |
Mapping Target |
|
Define risk response ICS ERM |
Develop implementation plan DP |
Mapping Target |
|
Define risk response ICS ERM |
Identify risk responses |
Output data |
|
Define risk response ICS ERM |
Identify risk responses DP |
Mapping Target |
|
Define risk response ICS ERM |
Select response |
Output data |
|
Define risk response ICS ERM |
Select response |
Input data |
|
Evaluate possible risk responses ICS ERM |
Assess costs vs. benefits |
Output data |
|
Evaluate possible risk responses ICS ERM |
Assess costs vs. benefits |
Input data |
|
Evaluate possible risk responses ICS ERM |
Evaluate effect of response on likelihood and impact |
Output data |
|
Evaluate possible risk responses ICS ERM |
Evaluate effect of response on likelihood and impact |
Input data |
|
Evaluate possible risk responses ICS ERM |
Evaluate possible IT actions |
Output data |
|
Evaluate possible risk responses ICS ERM |
Evaluate possible IT actions |
Input data |
|
Evaluate possible risk responses ICS ERM |
Identify opportunities in response options |
Input data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data7 |
Data |
AS-IS analysis |
Perform Governance Framework gap analysis |
Analyse AS-IS state in IT |
Output data |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in organisational structure |
Output data |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in processes |
Output data |
|
Perform Governance Framework gap analysis |
Assess gaps in IT |
Input data |
|
Perform Governance Framework gap analysis |
Assess gaps in processes |
Input data |
|
Perform Governance Framework gap analysis |
Assess of gaps in organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Formulate req. on organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Formulate requirements on IT services |
Input data |
Audit readiness |
Perform internal/external audit |
Inform auditor about audit readiness |
Output data |
|
Perform internal/external audit |
Inspect given areas |
Input data |
Audit results |
Develop reports |
Develop ad-hoc reports |
Input data |
|
Develop reports |
Develop periodical reports |
Input data |
|
IT Monitor and Review - CGF |
Data Port-168307 |
Mapping Source |
|
IT Monitor and Review - CGF |
Exchange Data1 |
Data |
|
IT Monitor and Review - ICS |
Exchange Data3 |
Data |
|
Monitor business operations ICS ERM |
Mon2 |
Data |
|
Monitor business operations ICS ERM |
Perform separate evaluations |
Output data |
|
Monitor business operations ICS ERM |
Report deficiencies upstream |
Input data |
|
Monitor IT operations ICS |
Perform separate evaluations |
Output data |
|
Monitor IT operations ICS |
Report deficiencies upstream |
Input data |
|
Perform internal/external audit |
Aud1 |
Data |
|
Perform internal/external audit |
Certify |
Input data |
|
Perform internal/external audit |
Inspect given areas |
Output data |
|
Perform internal/external audit |
Report deficiencies |
Input data |
Business case |
Evaluate Framework implementation scenarios |
Decide on final vision |
Input data |
|
Evaluate Framework implementation scenarios |
Develop business case |
Output data |
Certificate |
Perform internal/external audit |
Certify |
Output data |
Code of conduct |
Analyse internal environment ICS ERM |
Align Organisational structure |
Output data |
|
Analyse internal environment ICS ERM |
Ana3 |
Data |
|
Analyse internal environment ICS ERM |
Ana4 |
Data |
|
Analyse internal environment ICS ERM |
Ana7 |
Data |
|
Analyse internal environment ICS ERM |
Ensure proper oversight from Board of Directors |
Output data |
|
Analyse internal environment ICS ERM |
Ensure proper oversight from Board of Directors |
Input data |
|
Analyse internal environment ICS ERM |
Establish ethical values |
Output data |
|
Analyse internal environment ICS ERM |
Establish ethical values |
Input data |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ICS |
Exchange Data4 |
Data |
Communication strategy |
Information & communication ICS ERM |
Align communication with ERM strategy |
Output data |
|
Information & communication ICS ERM |
Align communication with ERM strategy |
Input data |
Company strategy |
Analyse internal environment ICS ERM |
Agree level of risk appetite |
Input data |
|
Analyse internal environment ICS ERM |
Agree level of risk appetite DP |
Mapping Target |
|
Analyse internal environment ICS ERM |
Align human resource policies and practices to ERM needs |
Input data |
|
Analyse internal environment ICS ERM |
Align Organisational structure |
Input data |
|
Analyse internal environment ICS ERM |
Align risk culture to ERM |
Input data |
|
Analyse internal environment ICS ERM |
Ana1 |
Data |
|
Analyse internal environment ICS ERM |
Assign authority and responsibility |
Input data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy |
Input data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy DP |
Mapping Target |
|
Assess IT environment ICS |
Asses IT environment |
Input data |
|
Evaluate Framework implementation scenarios |
Align road map with company strategy |
Input data |
|
Evaluate Framework implementation scenarios |
Align road map with company strategy DP |
Mapping Target |
|
Identify events ERM |
Consider range of potential events |
Input data |
|
Identify events ERM |
Establish factors influencing strategy and objectives |
Input data |
|
Manage changes in environment |
Analyse changes in external environment |
Input data |
|
Set objective ICS ERM |
Align with strategy and risk appetite |
Input data |
|
Set objective ICS ERM |
Ensure selected objectives support strategy |
Output data |
|
Set objective ICS ERM |
Ensure selected objectives support strategy |
Input data |
|
Set objective ICS ERM |
Establish strategic objectives |
Output data |
|
Set objective ICS ERM |
Establish strategic objectives |
Input data |
|
Set objective ICS ERM |
Establish strategic objectives DP |
Mapping Target |
|
Set objective ICS ERM |
Identify critical success factors |
Output data |
|
Set objective ICS ERM |
Identify critical success factors |
Input data |
Control activities |
Define business controls ICS |
Assigning controls to the business processes |
Output data |
|
Define business controls ICS |
Assigning controls to the business processes |
Input data |
|
Define business controls ICS |
Def3 |
Data |
|
Define business controls ICS |
Define controls on manual procedure base |
Output data |
|
Define business controls ICS |
Define controls on manual procedure base |
Input data |
|
Define business controls ICS |
Documentation of business process controls |
Input data |
|
Define business controls ICS |
Evaluate applicable types of control activities |
Output data |
|
Define IT controls ICS |
Evaluate possible IT controls |
Output data |
|
Define IT controls ICS |
Evaluate possible IT controls |
Input data |
|
Establish control activities ICS ERM |
Establish control baseline |
Output data |
|
Establish control activities ICS ERM |
Establish control baseline |
Input data |
|
Establish control activities ICS ERM |
Establish entity specific controls |
Output data |
|
Establish control activities ICS ERM |
Establish entity specific controls DP |
Mapping Target |
|
Establish control activities ICS ERM |
Establish entity specific controls DP |
Mapping Target |
|
Establish control activities ICS ERM |
Hold training sessions |
Input data |
|
Establish control activities ICS ERM |
Implement internal controls |
Input data |
|
Establish control activities ICS ERM |
Prioritise monitoring procedures |
Input data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data5 |
Data |
|
Monitor business operations ICS ERM |
Perform ongoing monitoring activities |
Input data |
|
Monitor IT operations ICS |
Perform ongoing monitoring activities |
Input data |
|
Monitor IT operations ICS |
Perform separate evaluations |
Input data |
Control documentation |
IT Monitor and Review - CGF |
Data Port-168307 |
Mapping Source |
|
IT Monitor and Review - CGF |
Exchange Data2 |
Data |
|
Test Governance Framework environment |
Correct problems |
Output data |
|
Test Governance Framework environment |
Correct problems |
Input data |
|
Test Governance Framework environment |
Evaluate test results |
Input data |
|
Test Governance Framework environment |
Test2 |
Data |
|
Test Governance Framework environment |
Test infrastructure |
Output data |
|
Test Governance Framework environment |
Test processes and procedures |
Output data |
Critical success factors |
Identify events ERM |
Consider range of potential events |
Input data |
|
Identify events ERM |
Establish factors influencing strategy and objectives |
Input data |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ICS |
Exchange Data8 |
Data |
|
Set objective ICS ERM |
Ensure selected objectives support strategy |
Output data |
|
Set objective ICS ERM |
Ensure selected objectives support strategy |
Input data |
|
Set objective ICS ERM |
Identify critical success factors |
Output data |
|
Set objective ICS ERM |
Set3 |
Data |
Deficiencies |
Monitor business operations ICS ERM |
Report deficiencies upstream |
Output data |
|
Monitor IT operations ICS |
Report deficiencies upstream |
Output data |
Disclosure reports |
Disclose required information |
Disclose required information |
Output data |
|
Disclose required information |
Disclose required information DP |
Mapping Target |
|
Disclose required information |
Disclose required information DP |
Mapping Target |
|
Disclose required information |
Disclose required information DP |
Mapping Target |
|
Disclose required information |
Exchange Data2 |
Data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data11 |
Data |
Entity objectives |
Establish control activities ICS ERM |
Establish entity specific controls |
Input data |
|
Identify events ERM |
Consider range of potential events |
Input data |
|
Identify events ERM |
Establish factors influencing strategy and objectives |
Input data |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ICS |
Exchange Data8 |
Data |
|
Set objective ICS ERM |
Align with strategy and risk appetite |
Output data |
|
Set objective ICS ERM |
Align with strategy and risk appetite |
Input data |
|
Set objective ICS ERM |
Ensure selected objectives support strategy |
Output data |
|
Set objective ICS ERM |
Ensure selected objectives support strategy |
Input data |
|
Set objective ICS ERM |
Establish strategic objectives |
Output data |
|
Set objective ICS ERM |
Identify critical success factors |
Input data |
|
Set objective ICS ERM |
Set4 |
Data |
|
Set objective ICS ERM |
Set5 |
Data |
|
Set objective ICS ERM |
Set risk tolerances |
Output data |
|
Set objective ICS ERM |
Set risk tolerances |
Input data |
Framework best practices |
Monitor changes in Governance Frameworks |
Monitor changes in best practices |
Input data |
|
Monitor changes in Governance Frameworks |
Monitor changes in best practices DP |
Mapping Target |
|
Monitor changes in Governance Frameworks |
Monitor changes in best practices DP |
Mapping Target |
Gap report |
Evaluate Framework implementation scenarios |
Develop different imp. scenarios |
Input data |
|
Perform Governance Framework gap analysis |
Assess gaps in IT |
Output data |
|
Perform Governance Framework gap analysis |
Assess gaps in processes |
Output data |
|
Perform Governance Framework gap analysis |
Assess of gaps in organisational structure |
Output data |
|
Perform Governance Framework gap analysis |
Develop final report |
Output data |
|
Perform Governance Framework gap analysis |
Develop final report |
Input data |
|
Perform Governance Framework gap analysis |
Formulate req. on organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Formulate requirements on IT services |
Input data |
ICS report |
Develop reports |
Dev1 |
Data |
|
Develop reports |
Develop ad-hoc reports |
Output data |
|
Develop reports |
Develop periodical reports |
Output data |
|
IT Monitor and Review - ICS |
Data Port |
Mapping Source |
|
IT Monitor and Review - ICS |
Exchange Data4 |
Data |
Implementation plan |
Develop projects plans |
Split implement. into smaller projects |
Input data |
|
Evaluate Framework implementation scenarios |
Align road map with company strategy |
Output data |
|
Evaluate Framework implementation scenarios |
Align road map with company strategy |
Input data |
|
Evaluate Framework implementation scenarios |
Decide on final vision |
Output data |
|
Evaluate Framework implementation scenarios |
Develop different imp. scenarios |
Input data |
|
Evaluate Framework implementation scenarios |
Develop different imp. scenarios DP |
Mapping Target |
|
Evaluate Framework implementation scenarios |
Develop different imp. scenarios DP |
Mapping Target |
|
Evaluate Framework implementation scenarios |
Develop rough road map |
Output data |
|
Evaluate Framework implementation scenarios |
Develop rough road map |
Input data |
|
Evaluate Framework implementation scenarios |
Identify dependencies |
Input data |
|
Evaluate Framework implementation scenarios |
Prioritise actions |
Output data |
|
Perform Governance Framework gap analysis |
Analyse framework requirements |
Output data |
|
Perform Governance Framework gap analysis |
Categorise framework requirements |
Output data |
|
Perform Governance Framework gap analysis |
Create TO-BE model for processes |
Input data |
|
Perform Governance Framework gap analysis |
Create TO-BE model in IT |
Input data |
|
Perform Governance Framework gap analysis |
Create TO-BE model in organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Develop final report |
Output data |
|
Perform Governance Framework gap analysis |
Identify affected areas in organisation |
Output data |
|
Perform Governance Framework gap analysis |
Identify relevant variants within framework |
Output data |
|
Perform Governance Framework gap analysis |
Include local framework adaptation |
Output data |
Implementation scenarios |
Evaluate Framework implementation scenarios |
Decide on final vision |
Input data |
|
Evaluate Framework implementation scenarios |
Develop business case |
Input data |
|
Evaluate Framework implementation scenarios |
Develop different imp. scenarios |
Output data |
|
Evaluate Framework implementation scenarios |
Eva1 |
Data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data5 |
Data |
IT risks catalogue |
Assess and evaluate IT risks ICS |
Asse4 |
Data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) |
Output data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Target |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Target |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Target |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Target |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Target |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Target |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Target |
|
Assess and evaluate IT risks ICS |
Evaluate risks for IT service(s) |
Output data |
|
Assess and evaluate IT risks ICS |
Evaluate risks for IT service(s) |
Input data |
|
Assess and evaluate IT risks ICS |
Evaluate risks for IT service(s) DP |
Mapping Target |
|
Assess and evaluate IT risks ICS |
Evaluate risks for IT service(s) DP |
Mapping Target |
|
Assess risks ICS ERM |
Assess correlation of risks |
Input data |
|
Define IT controls ICS |
Assigning controls to the business processes |
Output data |
|
Define IT controls ICS |
Assigning controls to the business processes |
Input data |
|
Define IT controls ICS |
Def3 |
Data |
|
Define IT controls ICS |
Documentation of IT process controls |
Input data |
|
Define IT controls ICS |
Documentation of IT process controls |
Output data |
|
Define IT controls ICS |
Identify IT control requirements |
Input data |
|
Define IT controls ICS |
Identify IT control requirements DP |
Mapping Target |
|
Define risk response ICS ERM |
Def4 |
Data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ICS |
Exchange Data3 |
Data |
|
IT Risk Assessment - ICS |
Data Port |
Mapping Source |
|
IT Risk Assessment - ICS |
Exchange Data1 |
Data |
IT service documentation |
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy |
Input data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy DP |
Mapping Target |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) |
Input data |
|
Assess IT environment ICS |
Asse1 |
Data |
|
Assess IT environment ICS |
Asses IT environment |
Output data |
|
Assess IT environment ICS |
Asses IT environment |
Input data |
|
Assess IT environment ICS |
Asses IT environment DP |
Mapping Target |
|
Collect event details ICS |
Assign event to IT service/IT service process |
Input data |
|
Define IT controls ICS |
Assigning controls to the business processes |
Output data |
|
Define IT controls ICS |
Configure IT service |
Output data |
|
Define IT controls ICS |
Configure IT service |
Input data |
|
Define IT controls ICS |
Def3 |
Data |
|
Define IT controls ICS |
Documentation of IT process controls |
Output data |
|
Define IT controls ICS |
Documentation of IT process controls |
Input data |
|
Define IT controls ICS |
Evaluate possible IT controls |
Input data |
|
Define IT controls ICS |
Identify IT control requirements |
Input data |
|
Define IT controls ICS |
Identify IT control requirements DP |
Mapping Target |
|
Design IT service |
Define TO-BE applications landscape |
Output data |
|
Design IT service |
Define TO-BE communication elements |
Output data |
|
Design IT service |
Define TO-BE infrastructure elements |
Output data |
|
Design IT service |
Define TO-BE IT service process |
Output data |
|
Execute projects |
Identify deviations from agreed plan of implementation |
Input data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data9 |
Data |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ICS |
Exchange Data3 |
Data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data6 |
Data |
|
Manage changes in environment |
Analyse changes in IT |
Input data |
|
Monitor IT operations ICS |
Perform ongoing monitoring activities |
Input data |
|
Monitor IT operations ICS |
Perform separate evaluations |
Input data |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in IT |
Input data |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in IT DP |
Mapping Target |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in IT DP |
Mapping Target |
|
Perform Governance Framework gap analysis |
Identify affected areas in organisation |
Input data |
|
Test Governance Framework environment |
Correct problems |
Output data |
|
Test Governance Framework environment |
Test1 |
Data |
|
Test Governance Framework environment |
Test infrastructure |
Input data |
IT service imp. scenarios |
Design IT service |
Define TO-BE applications landscape |
Input data |
|
Design IT service |
Define TO-BE communication elements |
Input data |
|
Design IT service |
Define TO-BE infrastructure elements |
Input data |
|
Design IT service |
Define TO-BE IT service process |
Input data |
|
Design IT service |
Des3 |
Data |
|
Design IT service |
Design implementation scenarios |
Output data |
|
Design IT service |
Evaluate implementation scenarios |
Input data |
|
Design IT service |
Evaluate implementation scenarios |
Output data |
|
Design IT service |
Evaluate implementation scenarios DP |
Mapping Target |
|
Design IT service |
Evaluate implementation scenarios DP |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data8 |
Data |
Legal framework regulations |
IT Definition of Scope and Framework - CGF |
Data Port-164735 |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Data Port-164735-168020 |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data1 |
Data |
|
Monitor changes in Governance Frameworks |
Monitor changes in normative acts |
Input data |
|
Perform Governance Framework gap analysis |
Analyse framework requirements |
Input data |
|
Perform Governance Framework gap analysis |
Categorise framework requirements |
Input data |
|
Perform Governance Framework gap analysis |
Create TO-BE model for processes |
Input data |
|
Perform Governance Framework gap analysis |
Create TO-BE model in IT |
Input data |
|
Perform Governance Framework gap analysis |
Create TO-BE model in organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Identify relevant variants within framework |
Input data |
|
Perform Governance Framework gap analysis |
Include local framework adaptation |
Output data |
|
Perform Governance Framework gap analysis |
Per1 |
Data |
List of critical activities |
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Source |
Local framework adaptations |
IT Definition of Scope and Framework - CGF |
Data Port-164735 |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Data Port-164735-168020 |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data1 |
Data |
|
Perform Governance Framework gap analysis |
Include local framework adaptation |
Input data |
|
Perform Governance Framework gap analysis |
Per2 |
Data |
Loss collection DB |
Collect event details ICS |
Assign event to business process |
Output data |
|
Collect event details ICS |
Assign event to business process |
Input data |
|
Collect event details ICS |
Assign event to IT service/IT service process |
Output data |
|
Collect event details ICS |
Assign event to IT service/IT service process |
Input data |
|
Collect event details ICS |
Assign event to risk |
Output data |
|
Collect event details ICS |
Assign event to risk |
Input data |
|
Collect event details ICS |
Record event details |
Output data |
|
Collect event details ICS |
Record event details DP |
Mapping Target |
|
Collect event details ICS |
Record event details DP |
Mapping Target |
|
Collect event details ICS |
Record request for extension of risk catalogue |
Output data |
|
Collect event details ICS |
Record request for extension of risk catalogue |
Input data |
Monitoring info |
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy |
Input data |
|
Develop reports |
Develop ad-hoc reports |
Input data |
|
Develop reports |
Develop periodical reports |
Input data |
|
IT Monitor and Review - ICS |
Data Port |
Mapping Source |
|
IT Monitor and Review - ICS |
Exchange Data3 |
Data |
|
Monitor business operations ICS ERM |
Mon2 |
Data |
|
Monitor business operations ICS ERM |
Perform ongoing monitoring activities |
Output data |
|
Monitor business operations ICS ERM |
Report deficiencies upstream |
Input data |
|
Monitor IT operations ICS |
Mon2 |
Data |
|
Monitor IT operations ICS |
Perform ongoing monitoring activities |
Output data |
|
Monitor IT operations ICS |
Report deficiencies upstream |
Input data |
Monitoring plan |
Establish control activities ICS ERM |
Est5 |
Data |
|
Establish control activities ICS ERM |
Prioritise monitoring procedures |
Output data |
|
Establish control activities ICS ERM |
Prioritise monitoring procedures DP |
Mapping Target |
|
IT Monitor and Review - ICS |
Data Port |
Mapping Source |
|
IT Monitor and Review - ICS |
Exchange Data1 |
Data |
|
Monitor business operations ICS ERM |
Perform ongoing monitoring activities |
Input data |
|
Monitor business operations ICS ERM |
Perform ongoing monitoring activities DP |
Mapping Target |
|
Monitor business operations ICS ERM |
Perform separate evaluations |
Input data |
|
Monitor IT operations ICS |
Perform ongoing monitoring activities |
Input data |
|
Monitor IT operations ICS |
Perform ongoing monitoring activities DP |
Mapping Target |
|
Monitor IT operations ICS |
Perform separate evaluations |
Input data |
Organisational structure |
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy |
Input data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy DP |
Mapping Target |
|
Analyse internal environment ICS ERM |
Specify the competency levels for particular jobs |
Input data |
|
Define risk response ICS ERM |
Def5 |
Data |
|
Define risk response ICS ERM |
Develop implementation plan |
Output data |
|
Execute projects |
Exe1 |
Data |
|
Execute projects |
Execute changes in organisational structure |
Output data |
|
Execute projects |
Execute changes in organisational structure |
Input data |
|
Execute projects |
Identify deviations from agreed plan of implementation |
Input data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data7 |
Data |
|
IT Definition of Scope and Framework - CGF |
Exchange Data9 |
Data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data7 |
Data |
|
Manage changes in environment |
Analyse changes in organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Identify affected areas in organisation |
Input data |
|
Test Governance Framework environment |
Test1 |
Data |
Policy statement |
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy |
Output data |
Potential events |
Collect event details ICS |
Assign event to risk |
Input data |
|
Collect event details ICS |
Record request for extension of risk catalogue |
Input data |
|
Identify events ERM |
Categorise events |
Input data |
|
Identify events ERM |
Consider range of potential events |
Output data |
|
Identify events ERM |
Consider range of potential events DP |
Mapping Target |
|
Identify events ERM |
Consider range of potential events DP |
Mapping Target |
|
Identify events ERM |
Consider range of potential events DP |
Mapping Target |
|
Identify events ERM |
Establish event interdependencies |
Output data |
|
Identify events ERM |
Establish event interdependencies |
Input data |
Process documentation |
Analyse internal environment ICS ERM |
Align human resource policies and practices to ERM needs |
Output data |
|
Analyse internal environment ICS ERM |
Ana9 |
Data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy |
Input data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy DP |
Mapping Target |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy DP |
Mapping Target |
|
Analyse internal environment ICS ERM |
Specify the competency levels for particular jobs |
Input data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) |
Input data |
|
Assess risks ICS ERM |
Identify relevant process risks |
Input data |
|
Collect event details ICS |
Assign event to business process |
Input data |
|
Define business controls ICS |
Assigning controls to the business processes |
Output data |
|
Define business controls ICS |
Assigning controls to the business processes |
Input data |
|
Define business controls ICS |
Def3 |
Data |
|
Define business controls ICS |
Define controls on manual procedure base |
Output data |
|
Define business controls ICS |
Define controls on manual procedure base |
Input data |
|
Define business controls ICS |
Documentation of business process controls |
Output data |
|
Define business controls ICS |
Evaluate applicable types of control activities |
Input data |
|
Define business controls ICS |
Evaluate applicable types of control activities DP |
Mapping Target |
|
Define risk response ICS ERM |
Def5 |
Data |
|
Define risk response ICS ERM |
Develop implementation plan |
Output data |
|
Define risk response ICS ERM |
Implement plan |
Input data |
|
Document procedures and processes ICS ERM |
Check of documentation of all main procedures and processes |
Input data |
|
Document procedures and processes ICS ERM |
Doc1 |
Data |
|
Document procedures and processes ICS ERM |
Documentation of missing processes |
Output data |
|
Establish control activities ICS ERM |
Est4 |
Data |
|
Establish control activities ICS ERM |
Establish control baseline |
Input data |
|
Establish control activities ICS ERM |
Establish entity specific controls |
Output data |
|
Establish control activities ICS ERM |
Hold training sessions |
Input data |
|
Establish control activities ICS ERM |
Implement internal controls |
Input data |
|
Execute projects |
Exe1 |
Data |
|
Execute projects |
Execute changes in organisational structure |
Output data |
|
Execute projects |
Execute changes in organisational structure |
Input data |
|
Execute projects |
Execute process changes |
Output data |
|
Execute projects |
Execute process changes |
Input data |
|
Execute projects |
Identify deviations from agreed plan of implementation |
Input data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data5 |
Data |
|
IT Definition of Scope and Framework - CGF |
Exchange Data7 |
Data |
|
IT Definition of Scope and Framework - CGF |
Exchange Data9 |
Data |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ICS |
Exchange Data1 |
Data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data2 |
Data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data4 |
Data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data5 |
Data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data7 |
Data |
|
Manage changes in environment |
Analyse changes in business processes |
Input data |
|
Monitor business operations ICS ERM |
Perform ongoing monitoring activities |
Input data |
|
Monitor business operations ICS ERM |
Perform separate evaluations |
Input data |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in processes |
Input data |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in processes DP |
Mapping Target |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in processes DP |
Mapping Target |
|
Perform Governance Framework gap analysis |
Create TO-BE model for processes |
Input data |
|
Perform Governance Framework gap analysis |
Identify affected areas in organisation |
Input data |
|
Perform internal/external audit |
Inspect given areas |
Input data |
|
Test Governance Framework environment |
Correct problems |
Output data |
|
Test Governance Framework environment |
Test1 |
Data |
|
Test Governance Framework environment |
Test processes and procedures |
Input data |
Projects list |
Develop projects plans |
Analyse dependencies with other projects |
Input data |
|
Develop projects plans |
Dev1 |
Data |
|
Develop projects plans |
Split implement. into smaller projects |
Output data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data6 |
Data |
Projects plans |
Design IT service |
Design implementation scenarios |
Input data |
|
Develop projects plans |
Analyse dependencies with other projects |
Output data |
|
Develop projects plans |
Analyse dependencies with other projects |
Input data |
|
Develop projects plans |
Dev1 |
Data |
|
Develop projects plans |
Dev2 |
Data |
|
Develop projects plans |
Identify projects steps and deliverables |
Output data |
|
Develop projects plans |
Identify projects steps and deliverables |
Input data |
|
Develop projects plans |
Schedule projects in details |
Output data |
|
Develop projects plans |
Schedule projects in details |
Input data |
|
Develop projects plans |
Split implement. into smaller projects |
Output data |
|
Develop projects plans |
Split implement. into smaller projects DP |
Mapping Target |
|
Develop projects plans |
Split implement. into smaller projects DP |
Mapping Target |
|
Execute projects |
Execute changes in organisational structure |
Input data |
|
Execute projects |
Execute process changes |
Input data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data6 |
Data |
Projects schedule |
Design IT service |
Design implementation scenarios |
Input data |
|
Develop projects plans |
Analyse dependencies with other projects |
Input data |
|
Develop projects plans |
Dev2 |
Data |
|
Develop projects plans |
Schedule projects in details |
Output data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data6 |
Data |
Requirements on IT |
Design IT service |
Design implementation scenarios |
Input data |
|
Evaluate Framework implementation scenarios |
Identify dependencies |
Output data |
|
Evaluate Framework implementation scenarios |
Prioritise actions |
Input data |
|
Perform Governance Framework gap analysis |
Create TO-BE model in IT |
Input data |
|
Perform Governance Framework gap analysis |
Formulate requirements on IT services |
Output data |
Requirements on organisational structure |
Evaluate Framework implementation scenarios |
Identify dependencies |
Output data |
|
Evaluate Framework implementation scenarios |
Prioritise actions |
Input data |
|
Execute projects |
Execute changes in organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Create TO-BE model in organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Formulate req. on organisational structure |
Output data |
Requirements on processes |
Evaluate Framework implementation scenarios |
Identify dependencies |
Output data |
|
Evaluate Framework implementation scenarios |
Prioritise actions |
Input data |
|
Execute projects |
Execute process changes |
Input data |
Risk catalogue |
Assess risks ICS ERM |
Asse4 |
Data |
|
Assess risks ICS ERM |
Assess correlation of risks |
Output data |
|
Assess risks ICS ERM |
Assess correlation of risks |
Input data |
|
Assess risks ICS ERM |
Estimate likelihood and impact |
Output data |
|
Assess risks ICS ERM |
Estimate likelihood and impact |
Input data |
|
Assess risks ICS ERM |
Estimate likelihood and impact DP |
Mapping Target |
|
Assess risks ICS ERM |
Estimate likelihood and impact DP |
Mapping Target |
|
Assess risks ICS ERM |
Estimate likelihood and impact DP |
Mapping Target |
|
Assess risks ICS ERM |
Identify relevant process risks |
Output data |
|
Assess risks ICS ERM |
Identify relevant process risks DP |
Mapping Target |
|
Assess risks ICS ERM |
Identify relevant process risks DP |
Mapping Target |
|
Assess risks ICS ERM |
Identify relevant process risks DP |
Mapping Target |
|
Assess risks ICS ERM |
Use qualitative methodologies and techniques |
Input data |
|
Assess risks ICS ERM |
Use qualitative methodologies and techniques |
Output data |
|
Assess risks ICS ERM |
Use quantitative methodologies and techniques |
Input data |
|
Assess risks ICS ERM |
Use quantitative methodologies and techniques |
Output data |
|
Assess risks ICS ERM |
Which estimation method? DP |
Mapping Target |
|
Collect event details ICS |
Assign event to risk |
Input data |
|
Collect event details ICS |
Record request for extension of risk catalogue |
Output data |
|
Collect event details ICS |
Record request for extension of risk catalogue |
Input data |
|
Define business controls ICS |
Evaluate applicable types of control activities |
Input data |
|
Define business controls ICS |
Evaluate applicable types of control activities DP |
Mapping Target |
|
Define risk response ICS ERM |
Identify risk responses |
Input data |
|
Evaluate possible risk responses ICS ERM |
Evaluate effect of response on likelihood and impact |
Input data |
|
Identify events ERM |
Categorise events |
Output data |
|
Identify events ERM |
Distinguish risks and opportunities |
Output data |
|
Identify events ERM |
Distinguish risks and opportunities |
Input data |
|
Identify events ERM |
Ide2 |
Data |
|
Identify events ERM |
Ide3 |
Data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ERM |
Data Port-135201 |
Mapping Source |
|
IT Definition of Scope and Framework - ERM |
Exchange Data1 |
Data |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Source |
|
IT Risk Assessment - ERM |
Data Port |
Mapping Source |
|
IT Risk Assessment - ERM |
Exchange Data1 |
Data |
|
IT Risk Assessment - ICS |
Data Port |
Mapping Source |
|
IT Risk Assessment - ICS |
Exchange Data3 |
Data |
Risk strategy |
Analyse internal environment ICS ERM |
Agree level of risk appetite |
Output data |
|
Analyse internal environment ICS ERM |
Agree level of risk appetite DP |
Mapping Target |
|
Analyse internal environment ICS ERM |
Align human resource policies and practices to ERM needs |
Input data |
|
Analyse internal environment ICS ERM |
Align Organisational structure |
Input data |
|
Analyse internal environment ICS ERM |
Align risk culture to ERM |
Input data |
|
Analyse internal environment ICS ERM |
Ana10 |
Data |
|
Analyse internal environment ICS ERM |
Ana2 |
Data |
|
Analyse internal environment ICS ERM |
Ana6 |
Data |
|
Analyse internal environment ICS ERM |
Assess differences in environment and their impact on ERM |
Output data |
|
Analyse internal environment ICS ERM |
Assess differences in environment and their impact on ERM |
Input data |
|
Analyse internal environment ICS ERM |
Assign authority and responsibility |
Input data |
|
Analyse internal environment ICS ERM |
Create an effective environment |
Output data |
|
Analyse internal environment ICS ERM |
Create an effective environment |
Input data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy |
Output data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) |
Input data |
|
Assess IT environment ICS |
Asses IT environment |
Input data |
|
Define business controls ICS |
Evaluate applicable types of control activities |
Input data |
|
Define risk response ICS ERM |
Identify risk responses |
Input data |
|
Establish control activities ICS ERM |
Establish entity specific controls |
Input data |
|
Establish control activities ICS ERM |
Hold training sessions |
Input data |
|
Establish control activities ICS ERM |
Prioritise monitoring procedures |
Input data |
|
Evaluate possible risk responses ICS ERM |
Evaluate effect of response on likelihood and impact |
Input data |
|
Evaluate possible risk responses ICS ERM |
Identify opportunities in response options |
Output data |
|
Identify events ERM |
Categorise events |
Output data |
|
Identify events ERM |
Categorise events |
Input data |
|
Identify events ERM |
Consider range of potential events |
Output data |
|
Identify events ERM |
Consider range of potential events |
Input data |
|
Identify events ERM |
Distinguish risks and opportunities |
Output data |
|
Identify events ERM |
Distinguish risks and opportunities |
Input data |
|
Identify events ERM |
Establish event interdependencies |
Output data |
|
Identify events ERM |
Establish event interdependencies |
Input data |
|
Identify events ERM |
Establish factors influencing strategy and objectives |
Output data |
|
Identify events ERM |
Ide3 |
Data |
|
Identify events ERM |
Select event identification methodology and techniques |
Output data |
|
Identify events ERM |
Select event identification methodology and techniques |
Input data |
|
Information & communication ICS ERM |
Align communication with ERM strategy |
Input data |
|
IT Definition of Scope and Framework - ERM |
Data Port-135201 |
Mapping Source |
|
IT Definition of Scope and Framework - ERM |
Exchange Data1 |
Data |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ICS |
Exchange Data4 |
Data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data8 |
Data |
|
Monitor business operations ICS ERM |
Perform ongoing monitoring activities |
Input data |
|
Monitor business operations ICS ERM |
Perform separate evaluations |
Input data |
|
Monitor IT operations ICS |
Perform ongoing monitoring activities |
Input data |
|
Monitor IT operations ICS |
Perform separate evaluations |
Input data |
|
Set objective ICS ERM |
Align with strategy and risk appetite |
Output data |
|
Set objective ICS ERM |
Align with strategy and risk appetite |
Input data |
|
Set objective ICS ERM |
Align with strategy and risk appetite DP |
Mapping Target |
|
Set objective ICS ERM |
Ensure selected objectives support strategy |
Output data |
|
Set objective ICS ERM |
Establish strategic objectives |
Output data |
|
Set objective ICS ERM |
Identify critical success factors |
Output data |
|
Set objective ICS ERM |
Set2 |
Data |
|
Set objective ICS ERM |
Set4 |
Data |
|
Set objective ICS ERM |
Set5 |
Data |
|
Set objective ICS ERM |
Set risk tolerances |
Output data |
|
Set objective ICS ERM |
Set risk tolerances |
Input data |
|
Set objective ICS ERM |
Set risk tolerances DP |
Mapping Target |
Staff regulations |
Analyse internal environment ICS ERM |
Align human resource policies and practices to ERM needs |
Output data |
|
Analyse internal environment ICS ERM |
Align Organisational structure |
Output data |
|
Analyse internal environment ICS ERM |
Ana5 |
Data |
|
Analyse internal environment ICS ERM |
Ana7 |
Data |
|
Analyse internal environment ICS ERM |
Ana8 |
Data |
|
Analyse internal environment ICS ERM |
Ana9 |
Data |
|
Analyse internal environment ICS ERM |
Assign authority and responsibility |
Output data |
|
Analyse internal environment ICS ERM |
Specify the competency levels for particular jobs |
Output data |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - ICS |
Exchange Data4 |
Data |
TO-BE model |
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data3 |
Data |
|
Perform Governance Framework gap analysis |
Assess gaps in IT |
Input data |
|
Perform Governance Framework gap analysis |
Assess gaps in processes |
Input data |
|
Perform Governance Framework gap analysis |
Assess of gaps in organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Create TO-BE model for processes |
Output data |
|
Perform Governance Framework gap analysis |
Create TO-BE model in IT |
Output data |
|
Perform Governance Framework gap analysis |
Create TO-BE model in organisational structure |
Output data |
|
Perform Governance Framework gap analysis |
Formulate req. on organisational structure |
Input data |
|
Perform Governance Framework gap analysis |
Formulate requirements on IT services |
Input data |
|
Perform Governance Framework gap analysis |
Per3 |
Data |
Unplanned changes |
Execute projects |
Exe1 |
Data |
|
Execute projects |
Identify deviations from agreed plan of implementation |
Output data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Source |
|
IT Definition of Scope and Framework - CGF |
Exchange Data7 |
Data |