Created by the Security Executive Council
The problems inherent in a siloed approach to risk assessment and management are all too common. Only by forming a team of representatives from other business units can corporate security ensure that its assessment process truly considers all the risks to the organization. You can't determine the sources of risk or which risks to mitigate, transfer, avoid or accept unless you have a clear, enterprise-wide view of the risks that are present.
The Security Executive Council calls this concept Unified Risk Oversight (URO). Boards of Directors require corporations to identify enterprise or board-level risk. They also require CEOs to report on these risks, how they're being mitigated, and who's responsible for each one. So security executives have a choice: Be proactive by instituting URO now or wait until the Board requires you to do it and takes you to task for neglecting it in the past.
Don't leave your business open to unnecessary risk. Team up with peers in your business to develop an enterprise perspective. Below is an infographic depicting the key elements of Unified Risk Oversight™.
The Security Executive Council's Unified Risk Oversight™ concept: