Abstract:
The goal of Risk Management activities is to
define prevention and control mechanisms to address the risks attached to specify activities and valuable assets. Many Risk Management efforts operate in silos
with narrowly focused, functionally driven, and disjointed activities. That fact leads to a fragmented view of risks, where each activity uses its own language, customs and metrics. The lack of interconnection and holistic view of risks limits an
organization-wide perception of risks, where
interdependent risks are not anticipated, controlled or managed. In order to address the Risk Management interoperability and standardization issues, this paper
proposes an alignment between Risk Management, Governance and Enterprise Architecture activities, providing a systematic support to map and trace
identified risks to enterprise artifacts modeled within the Enterprise Architecture, supporting the overall strategy of any organization. We discuss the main relationships between Risk Management and
Enterprise Architecture and propose an architecture to integrate risks concerns into the overall organization environment.
