Total Risks: 24
Critical: 3
Controls: 42
Coverage: 87%
Digital Transformation is now outside tolerance due to three high risks.
Strategic Map
| Objective | Risks | Appetite | Status |
|---|---|---|---|
| Grow revenue by 15% YoY | 5 | Medium | At Risk |
| Reduce operational costs by 10% | 8 | Low | Outside |
| Complete cloud migration by Q4 | 6 | High | At Risk |
| Achieve ISO 27001 certification | 3 | Very Low | On Track |
| Maintain debt-to-equity below 0.5 | 2 | Low | On Track |
| Achieve NPS score of 70+ | 4 | Medium | On Track |
| Reduce staff turnover to <12% | 3 | Medium | At Risk |
| Launch in 3 new markets | 5 | High | On Track |

Linked Risks (Reduce operational costs by 10%)
- R-012 Supply chain cost overrun: 20
- R-015 Vendor contract inflation: 16
- R-018 Energy cost volatility: 15
- R-021 Automation delays: 12
- R-024 Process inefficiency: 10
✦ AI Observations
- Revenue Growth has 3 high-impact risks
- Operational Excellence is outside appetite
- Digital Transformation risk increasing
Recommendations
- → Add controls to R-004
- → Review appetite for Ops
Risk Distribution
[Figure: risk heat map, Impact (1 to 5) against Likelihood (1 to 5)]
1-5 Low
6-10 Medium
11-15 High
16-25 Critical
R-001 threatens Operational Excellence — 2 linked controls need review.
| ID | Risk | Objective | Score | Status |
|---|---|---|---|---|
| R-001 | Data Breach Risk | Digital Transformation | 25 | Open |
| R-002 | Supply Chain Disruption | Operational Excellence | 20 | Mitigating |
| R-003 | GDPR Compliance Gap | Regulatory Compliance | 16 | Open |
| R-004 | System Failure | Operational Excellence | 15 | Mitigating |
| R-005 | Staff Turnover | Operational Excellence | 12 | Monitoring |
| R-006 | Market Volatility | Revenue Growth | 10 | Monitoring |

R-001 Analysis
This risk threatens Digital Transformation because data security underpins customer trust.
AI Observations
- Exposure increased 15% this quarter
- 2 controls below effectiveness target
Suggested Controls
- ✦ Access Review Process
- ✦ Encryption at Rest
Control Coverage: 87%
Digital Transformation controls need strengthening — 2 gaps identified.
Digital Transformation: 78%
- Multi-Factor Authentication (R-001): 92%
- Security Log Monitoring (R-001): 85%
- ✦ Access Review Process (R-001): —
Operational Excellence: 91%
- Supplier Risk Assessment (R-002): 95%
- Business Continuity Plan (R-002, R-004): 88%
Regulatory Compliance: 94%
- Data Encryption (AES-256) (R-003): 95%
- Privacy Impact Assessment (R-003): 90%
AI Assessment
Controls exist to protect goals. Digital Transformation needs attention — consider AI suggested controls.
Executive Risk Summary
Executive Enterprise Risk Management (ERM) Summary
Purpose of This ERM Summary
This Executive ERM Summary provides a consolidated view of how the organisation's strategic objectives, risk exposure, and risk responses are aligned.
It is designed to support executive decision-making by answering three core questions:
- Are we taking the right risks to achieve our strategy?
- Are the most material threats being actively managed?
- Where are the gaps between risk appetite and actual exposure?
Strategic Context
The organisation is pursuing three primary strategic objectives for FY 2025/26:
| Strategic Objective | Description |
|---|---|
| SO1 – Revenue Growth | Grow annual revenue by 18% through new market expansion |
| SO2 – Operational Excellence | Reduce cost-to-serve and improve delivery reliability |
| SO3 – Regulatory Protection | Maintain zero material compliance breaches |
Enterprise Risk Profile
The current enterprise risk profile shows heightened exposure in two areas: growth execution and operational resilience.
| Risk Category | Inherent | Residual | Trend |
|---|---|---|---|
| Strategic | High | Medium-High | ▲ |
| Operational | High | Medium | ▲ |
| Financial | Medium | Low-Medium | ▼ |
| Compliance | Medium | Low | ▬ |
| Technology | High | Medium | ▲ |
Key Insight: The organisation is taking more risk to pursue growth, but control maturity is not yet increasing at the same pace.