Using assurance models to aid the risk and governance lifecycle
[Abstract] In this paper we describe an enterprise assurance model that allows many layers of the enterprise architecture, from the business processes and supporting applications to the IT infrastructure and operational processes, to be represented and related from a control and risk perspective. This provides a consistent way of capturing and relating the risk views for the various stakeholders within the organisation. At the low level we use assurance models to provide automated testing of controls and policies, and at the higher level these results are related across the enterprise architecture. This enables a repository for manual and automated test results that can be used to derive different (but consistent) views for the various stakeholders.
Publication Info: BT Technology Journal, Vol 25, no.1, Jan. 07, 18 Pages
[Publication date] [Publishing organisation] HP Development Company
[Validity level] [Subject classification] Computer Science (General)
[Keywords] trust; assurance; risk; compliance; governance; security [Timeliness]