SRA-E Lisbon 2017

Risk management is a process that involves multiple stakeholders with different concerns, meaning the concepts, techniques and practices suitable for its application have a strong dependency from the context of problem. Accordingly, in a first moment that lead to a proliferation of specialized frameworks defining how risk management should be established and implemented in specific domains, and therefore privileging specific viewpoints and views. The diversity of contexts and the proliferation of domain-specific knowledge created several fragmented views of risk with different languages, parametrizations, and metrics. This known “silos reality” can be a problem in scenarios where several risk reports, each rich in its own domain-specific risk management concepts, have to be analysed for a common purpose (such as, for example, addressing strategic issues). In other words, despite the efforts of defining common risk management concepts to be used in different domains, risk management tends to operate in silos with narrowly focused, functionally driven, and disjointed focus. We address this problem, proposing a solution based on a risk management ontology. This ontology was built considering the main frameworks such as ISO31000, ISO27005 and Risk IT, and we demonstrate how it can be used as part of a process to facilitate the harmonization of risk management information originally produced in different silos. This work was supported by national funds through Fundação para a Ciência e a Tecnologia (FCT) with reference UID/CEC/50021/2013.