In 2019, organizational risks are turning into significant operational surprises, and the frequency will only increase as digital business requirements grow. There is no longer room for siloed risk management programs. Instead, security leaders must focus on building integrated risk management programs.
Risk management programs mitigate the impact of uncertainty on business performance. By 2021, more than 50% of large enterprises will use an integrated risk management solution set to provide better decision-making capabilities, up from approximately 30% today.
What is integrated risk management (IRM)?
Integrated risk management (IRM) is a set of practices and processes, supported by a risk-aware culture and enabling technologies, that improve decision making and performance through an integrated view of how well an organization manages its unique set of risks.
Under the Gartner definition, IRM has certain attributes:
- Strategy: Enablement and implementation of a framework, including performance improvement through effective governance and risk ownership
- Assessment: Identification, evaluation and prioritization of risks
- Response: Identification and implementation of mechanisms to mitigate risk
- Communication and reporting: Provision of the best or most appropriate means to track and inform stakeholders of an enterprise’s risk response
- Monitoring: Identification and implementation of processes that methodically track governance objectives, risk ownership/accountability, compliance with policies and decisions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
- Technology: Design and implementation of an IRM solution (IRMS) architecture
To understand the full scope of risk, organizations require a comprehensive view across all business units and risk and compliance functions, as well as key business partners, suppliers and outsourced entities. Developing this understanding requires risk and security leaders to address all six IRM attributes.
Gartner's top 10 factors of IRM success fit within three dimensions: framework, metrics and systems.