  • 1.  What is the primary goal of enterprise risk management?

    Posted Mar 27, 2020 01:18:00 PM
    While going over Module 3, I am interested to learn more about the purpose of enterprise risk management. Should enterprise risk management be a more centrally focused topic than information risk management when evaluating risk, or should they be looked at and assessed equally?


  • 2.  RE: What is the primary goal of enterprise risk management?

    CSA Instructor
    Posted Mar 28, 2020 04:35:00 AM
    Edited by Guillaume Boutisseau Mar 28, 2020 07:07:22 AM

    Enterprise risk management addresses anything that could negatively impact the business – or the enterprise. It covers a large range of domains, such as financial risks, competition, legal risks, health crises (if we can see them coming early enough), etc., and of course also some IT- and cloud-specific domains such as cyber attacks, data breaches, loss of visibility and governance when outsourcing to third parties, etc.

    The general purpose of enterprise risk management is to design an environment where, if a potential risk becomes a reality and threatens the viability of the enterprise, the impact is at a minimum contained. Or possibly to avoid a particular risk altogether by structuring the business differently, so that with the new structure or organisation that risk becomes irrelevant.

    Information risk management is just one of the domains covered in the big-picture enterprise risk management function. It focuses on protecting the information that is vital for your business to run properly against the risks that could impact your ability to access and use that information, or to keep it confidential when it is sensitive.

    Guillaume Boutisseau
    CCSK Authorized Instructor, CCSP