An Enterprise Risk Management (ERM) program and its processes should cover every area of enterprise risk and impact to which the entity may be exposed. Risks weave back and forth and affect one another, and they grow larger when each is viewed in a vacuum rather than against the 360-degree risk environment that can affect the organization.
Traditional risk evaluation and control and impact analysis were limited to threats that mainly fell within known physical and security areas. Traditional methods alone, however, cannot provide cost-effective enterprise controls based on enterprise risk, required security levels (both physical and information), and the associated cost controls.
Today's enterprise risk evaluation and control and impact analysis include identifying enterprise threats that can lead not only to a disruption but also to the destruction of an enterprise. ERM includes Business Continuity, Disaster Recovery, Emergency Management, Crisis, and Security (both Information and Physical), as well as other key areas.
Be ready to respond when your organization has had a disaster or cyber attack. Be a step ahead, since many organizations only learn to respond after they have been attacked. Be Aware. Be Prepared.
Review your current program against best practice.
- Risk Assessment and Impact Analysis
- Strategic Planning
- Better ways of Documenting
- Testing and Exercises in 2015: Joint Testing of Business Continuity, Disaster Recovery, Cyber Security Incident Response Program and Emergency Management