A collaborative risk management framework for enterprise architecture

Abstract

The occurrence of risks in an enterprise can result in differences between business goals and their realization. Risk management is a central activity in the design of an enterprise: risk assessments supports the identifications of problems that expose the enterprise to risk, while risk treatment plans are drivers for enterprise engineering. Risk treatment plans are typically created in isolation, and often informal. We deal with this problem by developing a collaborative risk management framework, that involves all levels of an organization in conducting risk assessments and formalizing the treatment plans. We propose procedures to perform an integrated risk analysis, as well as metrics to deal with the collaborative aspect of risk management.