Dependency modeling and mapping

An important aspect of risk and compliance management is understanding how various parts of the organization are related to each other. Doing so allows for a more comprehensive risk assessment process. Stakeholders can more easily discern how risks in different parts of the organization and at different levels of the organization impact each other.

Dependency modeling

Dependency modeling is one of the activities required in order to ensure that an organization establishes a uniform definition of risk across the enterprise. The dependency model defines what relationships are allowed between different types of areas in the organization. This enables more effective risk normalization and aggregation by allowing stakeholders to more effectively compare and contrast risk appetite and exposure at various levels of the enterprise.

Creating a dependency model involves creating profile classes and defining how classes are structured with respect to each other using the Roll up to field.

Dependency mapping

Once dependency modeling is complete, you can build out a dependency map to define how different parts of the organization are related to each other. For example, you could specify that certain projects and business services could affect the HR department, which would in turn affect the enterprise.

Defining the dependency map involves creating profiles, defining the profile class for each profile, then relating profiles to each other by specifying the upstream/downstream relationship.