There is a model in risk management called the Swiss cheese model.
The idea is that risk management is a layered system, where layers of controls are designed to prevent bad things from happening. It is when the layers fail- or when the holes in a series of cheese slices align – that the controls fail to prevent the bad things from happening.
It is one thing to allow the holes to align; it is quite another not to have all the necessary cheese slices in place in the first place. Safe environment based prevent and mitigate SAM risk management is not comprehensive compared to risk management best practice.
Based on best practice risk management, key missing aspects include understanding the organization, its risks, and therefore its risk management needs. Developing risk management principles such as tailoring, adaptability, and effectiveness are also missed.
That risk management must be comprehensive to be effective is a BOKRIM core principle.