Integrated Risk Management Framework Design and Data Structures
Topçu, Ufuk Alp (2023)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-202305098792
Abstract
The integrated risk management function has become more important in the past decade. The main reason for this is that companies in the globalized world are equally open to threats and risks. As risk exposure increased, the areas within the risk function became huge and complex processes of their own and, in large institutions, became incapable of speaking the same language. The most important way to prevent this is to link these processes together by designing an integrated risk management framework.
In this study, the author conducts workshops and research to come up with a design for each integrated risk management domain. The domains covered in this study are enterprise catalog management, policy management, risk management, control assurance management, issue management, third party risk management, key indicator management and vulnerability management.
During 2022, several workshops were conducted with subject matter experts and GRC (Governance, Risk and Compliance) professionals in the industry. Each domain was discussed separately with the author and, after several iterations of design, the author finalized the process and published the outputs in this study.
Each design consists of a high-level design and a low-level design. The high-level design represents the objects and their connections to each other, whether the object is multi-layered or not. The low-level design represents the attributes of each object in the initial design.
This research also covers the conclusions of the study in the last chapter and states that integrated risk management can be segmented into objects and attributes by using object-oriented modelling, which will help the development of such tools in the future. Often, standards and regulations come with plain-text descriptions for integrated risk management; at least discussing ways to put them into a high-level and low-level design will help organizations and GRC tool providers immensely.