The reviewed literature has shown the need to align activities, including risk management, with the strategy and objectives of the organisation.
It has examined risk and risk management in depth, and has introduced the concept of holistic, or enterprise, risk management together with the motivating role of compliance, which stands in opposition to the current silo mentality in risk management.
Subsequently, it has identified the twofold role of information, as a connector of different risks and as an element of business processes, and what organisations need to do to practise effective information security, contrasting this with how it is currently done in organisations.
This review has also presented the pervasive nature of operational risks in organisations. Finally, it has provided references on the reasons to link these risk management practices, on how to do so, and on the benefits this link provides to the organisation.
The final part of this review deals with an indispensable condition for this link to succeed and bring real benefits to the organisation: management commitment. This condition falls under management innovation.