An Enterprise Risk Management (ERM) program and its processes should cover all areas of enterprise risk and impact that the entity may be exposed to. These risks weave back and forth, affecting each other and creating larger risks when each is viewed in a vacuum, without looking at the 360-degree risk environment that can affect the organization.
Traditional risk evaluation, control and impact analysis was limited mainly to known physical and security threats.
Traditional methods alone will not provide cost-effective enterprise controls based on enterprise risk, the required security levels (both physical and information) and the associated cost controls.
Today’s enterprise risk evaluation, control and impact analysis includes identifying enterprise threats that can lead not only to a disruption but also to the destruction of an enterprise. ERM includes Cyber Security, Business Continuity, Disaster Recovery, Emergency Management, Crisis, Security (both Information and Physical), as well as other key areas.
Too many organizations are planning in silos and are not aware of the interfaces between the plans or, worse yet, the gaps between the plans.
I suggest you conduct a Gap Analysis of your ERM Planning process today.