Abstract:

Enterprises are complex, highly integrated systems comprised of business processes, organizational structures, information flows, decision-making bodies and rules, and supporting technologies, with multifaceted interdependencies and interrelationships across their boundaries and enterprise functions. In such real-world objects, the risk always exists, whether or not it is detected or recognized by an enterprise. Effective Risk Management (RM) stays substantial for the success of either regular operations or transformational (change) activities taken by the enterprise. But many RM efforts operate in silos with narrowly focused, functionally driven, and disjointed activities. That leads to a fragmented view of risk, where each activity uses its own language, customs, procedures, and metrics. The lack of interconnection and holistic view of risk limits an organization-wide perception of risk, where interdependent risks are not anticipated, controlled, or managed in the proper way. The Enterprise Architecture (EA) is seen as a logical approach to help achieve integration across all the components of an organization and with its environment over the transformation. But by implementing EA, the organization will be threatened from different aspects. The proposed EA Risk Model is easy to use and can be applied by organizations to protect themselves from the outcomes of unpredicted risk, as well as manage risk when they find themselves in a threatening situation based on existing risk related to implementing the EA.