
CONCEPT DOMAIN - Operational Risk Assurance


Description
Dictionary  Dictionary of SysFEAT concepts
Parent Domain  SysFEAT Enterprise Domains 
Domain dependencies  Appraisal Pattern 
  Measurement 
  Operational Assurance 
  Policies 


CONCEPT DESCRIPTIONS


Concrete Concepts
Concept  Description
  Control Directive
Control Directive is a kind of Policy that provides recommendations on how to comply with Regulation Articles.
Once implemented, Control Directives enforce any Regulatory Framework your enterprise has to comply with.
  Governance Committee Governance Committee is a group of Stakeholders that contributes to architecting and assurance activities and governs Enduring Initiatives.
  Individual Stakeholder An  Individual Stakeholder is a person with a Stakeholder role in architecting & assurance activities.
  Key Risk Indicator A Key Indicator can be any metric used by organizations to provide an early warning of increasing risk exposures in various areas of the enterprise, based on pre-defined thresholds.
  Management Initiative Committee Management Initiative Committee is a Governing Team responsible for overseeing the administration of a Management System.
  Operating Risk Type An  Operating Risk Type is a kind of Operational Risk Type that refers to the potential for loss resulting from inadequate or failed internal processes, people, and systems, or from external events.
  Operational Assurance Case
  Operational Incident The elements impacted by the incident are a subpart of the risk’s scope. The incident's causes and consequences are a subpart of the risk’s. However, the incident scope (processes, entities, etc.) is not filtered within the scope of the risk connected to the incident, because the link between risk and incident isn’t always made.
  Operational Risk Assessment Operational Risk Assessment is an assessment carried out over a determined time period. When an assessment session is published, an assessment questionnaire containing questions is sent to targeted assessors.
  Operational Risk Management System Operational Risk Management System is an Assurance System that ensures risk prevention and management, application of internal operating rules, and respect for a law or regulation.
  Policy Framework
Policy Framework is a set of Policy Assets, defined in laws published by governments or in policy frameworks defined by the enterprise.
Both Business Policy Frameworks and Regulatory Frameworks are Policy Frameworks.
  Process Family Process Family is a categorization of Business Operating Assets used to assert that a Business Operating Asset belongs to a specific process domain.
  Risk Factor A risk factor is an element that contributes to the occurrence of a risk or that triggers a risk. Several risks can originate from the same risk factor. Examples: the use of a hazardous chemical product, the complexity of an application, the size of a project, the number of involved parties, the use of a new technology, the lack of quality assurance, the lack of rigor in requirements definition, etc.
  Risk Likelihood
  Risk Severity

Abstract Concepts
Concept  Description
  Assurance Case
An Assurance Case is a claim that a particular enterprise asset or group of Functional Assets adequately mitigates certain identified Risk Types by means of appropriate Control Measures.
An Assurance Case shall provide confidence that the concerned assets will function as intended in their environment of use.
Privacy Processing Activities and Data Lineages are examples of Assurance Cases.
  Assurance Instrument
An Assurance Instrument is a resource or course of action used by an Assurance System to achieve its objectives.
For instance:
Action plans are courses of action aimed at solving incidents.
Data Controls are mechanisms used to ensure data quality and data integrity.
Privacy Representatives are used to identify national entities in charge of privacy.
  Control Measure Control Measure is a Resource Operating Asset (agent or behavior) that is taken to prevent, eliminate or reduce the occurrence of a hazard that has been identified in the context of an Assurance Case.
  Governance Event
Governance Event is any event that has an impact on the management and governance of an Enduring Initiative.
This includes the result of Assessments, Decisions, recorded Incidents, Drivers, etc.
  Management System
Management System is a mezzo Enduring Initiative within an Enterprise, aimed at creating, maintaining, evaluating, evolving, and operating a collection of essential Functional Architecture Assets of the Enterprise.
Management System may transcend organisational boundaries and consequently requires an integrated team working under the direction of a Management Initiative Committee.
  Policy
Policy is a Directive that is not directly enforceable whose purpose is to govern, guide or constrain the structure and Behavior of Agents in the enterprise.
Policies provide the basis for rules and govern Behaviors carried out by Agents.
  Resource Action Process
Resource Action Process is an Action Process that describes a typical course of action intended to produce and react to Resource Outcome Events, through the involvement of Resource Agents (Participant Resource Agent).
During its course of action, a Resource Action Process consumes or produces Resource Assets.
1) It may memorize or access Resource Assets to and from its Process Stores.
2) It may receive Resource Assets at its boundary: Resource Outcome Consumptions.
3) It may signal the production of Resource Assets at its boundary: Resource Outcome Productions.
The course of action of a Resource Action Process is constrained by the application of rules (Resource Rule Enforcement) that define what is and is not allowed.
Within SysFEAT, we can examine Resource Action Processes from two distinct perspectives:
a) An operations business perspective is offered by Business Processes.
b) An automated viewpoint is provided by System Processes.
  Resource Agent
Resource Agent is an entity type whose instances belong to the physical space, and comprises Human Agents, Hardware Systems, Software Systems and Natural Resources.
Resource Agent is the supertype of all types of Agents that produce and react to Resource Outcome Events.
This includes:
1) Business Agents, which represent physical resources that produce and react to Business Outcome Events of the enterprise.
2) Technology Systems, which represent enabling systems that produce and react to Technology Outcome Events.
  Resource Operating Asset
Resource Operating Assets comprise all resources that contribute to the production and consumption of Business Outcome Events of the enterprise.
Resource Operating Assets are subject to Operational Risks.
  Risk Type
Risk Type is a distinct category or classification of risk based on its origin, nature, or potential impact. It helps in organizing and addressing different sources of uncertainty or potential harm that an individual, organization, or system might face. By categorizing risks into different types, entities can develop more targeted mitigation strategies and response plans.
Common risk types include Operational Risk Type, Privacy Risk Type, and Compliance Risk Type, among others.