Risk management fails when information is scattered, redundant, non-reliable, and managed as a system of parts that do not integrate and work as a collective whole. The risk management information architecture supports the process architecture and overall risk management strategy. With processes defined and structured the organization can now define the information architecture needed to support risk management processes. The risk management information architecture involves the structural design, labeling, use, flow, processing, and reporting of risk management information to support risk management processes.
Successful risk management information architecture will be able to integrate information across risk management systems and business systems. This requires a robust and adaptable information architecture that can model the complexity of risk information, transactions, interactions, relationship, cause and effect, and analysis of information that integrates and manages with a range of business systems and external data.
The risk management technology architecture operationalizes the information and process architecture to support the overall risk management strategy. The right technology architecture enables the organization to effectively manage risk and facilitate the ability to document, communicate, report, and monitor the range of risk assessments, documents, tasks, responsibilities, and action plans.
There can and should be a central core technology platform for risk management that connects the fabric of the risk management processes, information, and other technologies together across the organization. Many organizations see risk management initiatives fail when they purchase technology before understanding their process and information architecture and requirements. Organizations have the following technology architecture choices before them . . .
[GRC 20/20’s, Michael Rasmussen, is the author of this blog as a guest blogger at the following link]READ MORE