An important aspect of risk and compliance management is understanding how various parts
of the organization are related to each other. Doing so allows for a more comprehensive risk
assessment process. Stakeholders can more easily discern how risks in different parts of the
organization and at different levels of the organization impact each other.
Dependency modeling is one of the activities required in order to ensure that an organization
establishes a uniform definition of risk across the enterprise. The dependency model defines
what relationships are allowed between different types of areas in the organization. This
enables more effective risk normalization and aggregation by allowing stakeholders to more
effectively compare and contrast risk appetite and exposure at various levels of the
Creating a dependency model involves creating profile classes and defining how classes are
structured with respect to each other using the Roll up to field.
Once dependency modeling is complete, you can build out a dependency map to define how
different parts of the organization are related to each other. For example, you could specify
that certain projects and business services could affect the HR department, which would in turn
affect the enterprise.
Defining the dependency map involves creating profiles, defining the profile class for each
profile, then relating profiles to each other by specifying the