Risk Aggregation is the practice of combining domain-level risk reports, dashboards, and assessments into an enterprise-level summary. It produces a collection of domain views presented together - not a compound risk picture that reflects how the enterprise is actually exposed across governance boundaries.
Most organizations attempt to produce enterprise risk visibility through risk aggregation. Each governance domain reports on its own risk posture. Those reports are collected, summarized, and presented to leadership as an enterprise risk view. This is aggregation, not architecture.
The fundamental limitation of risk aggregation is that it cannot surface risks that form between domains. It can show what each domain sees individually. It cannot show what no domain sees - the compound risks that form at the intersections where domains share exposure.
Risk aggregation is not wrong. It is incomplete. It produces a useful summary of domain-level risk postures. But it does not produce the compound risk picture that leadership needs to understand how the enterprise is actually exposed.
The distinction between risk aggregation and the compound risk picture is central to the Governance Visibility Gap. Aggregation is what most organizations do. Architecture is what they need. ClarityOS produces the compound risk picture that aggregation cannot.