The figure presents a detailed version of the Execution level:
At the Execution level, the following elements were identified:
- Execution of business processes. The processes considered here are, for instance, Monitoring of changes in Governance Framework regulations or Managing Changes (entering new markets, introducing new products, etc.).
- Delivery of IT services. Processes in this area are not provided as it was assumed that these processes are regulated by other frameworks (e.g. ITIL, CobiT).
The contents of the ICS execution are as follows:
- Monitoring business operations. This process deals with monitoring, collection of data and reporting of business risks.
- The Loss Collection DB is a common element of both ERM and IT RM/RA. It is used to collect event details regarding Risk Management. Although many frameworks do not explicitly require Loss Collection, it is assumed that companies should still gather information on potential events (using data base, spreadsheets, text notes, etc.) for proper risk management.
- Monitoring of IT operations. This is the Monitoring process from the IT RM/RA framework.
Enterprise Risk Management covers the area of business process monitoring whereas IT RM/RA focuses on monitoring of IT operations. The integration of Business Governance and IT RM/RA is provided for these processes (see area marked violet).