Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
https://www.creativesecuritydesigns.com/the-world-of-information-security/enterprise-risk-management/erm-vs-traditional-risk-management/ 1/4
9/22/2019 Creative Security Design Concepts, LLC - ERM vs. Traditional Risk Management
This part is very important… With market capitalizations often significantly exceeding
historical balance sheet values, the application of risk management to intangible assets is
critically important. Just as potential future events can affect the value of tangible physical
and financial assets, so too can they affect the value of key intangible assets, e.g., customer
assets, employee/supplier assets and organizational assets such as the entity’s distinctive
brands, differentiating strategies innovative processes and proprietary systems. This is the
essence of what ERM contributes to the organization – the elevation of security and risk
management to a strategic level by broadening its application to ALL sources of value, not
just physical and financial ones.
There are five sources of value with sub-assets within each value within traditional risk
management:
The ERM process can lead to more comprehensive risk responses when management
identifies potential future events (i.e. strategy) that could affect each category of assets
critical to the execution of said strategy. This diagram illustrates categories of potential
future events that might be considered during a risk assessment:
https://www.creativesecuritydesigns.com/the-world-of-information-security/enterprise-risk-management/erm-vs-traditional-risk-management/ 2/4
9/22/2019 Creative Security Design Concepts, LLC - ERM vs. Traditional Risk Management
An enterprises sources of value, whether tangible or intangible are inherent, in its business
model. They are affected be sources of uncertainty which must be understood and managed
as an organization works to achieve its performance objectives. They may be external,
internal or both. For example, environmental risk are uncertainties arising in the external
environment affecting the viability of the enterprises business model. Process risks are
uncertainties affecting the execution of the business model, and therefore often arise
internally within the organizations business processes.
Because inadequate knowledge and information breeds more uncertainly, information for
decision making risk are uncertainties affecting the relevance and reliability of information
supporting management’s decision to proceed with a certain business strategy or direction.
https://www.creativesecuritydesigns.com/the-world-of-information-security/enterprise-risk-management/erm-vs-traditional-risk-management/ 3/4
9/22/2019 Creative Security Design Concepts, LLC - ERM vs. Traditional Risk Management
https://www.creativesecuritydesigns.com/the-world-of-information-security/enterprise-risk-management/erm-vs-traditional-risk-management/ 4/4