Information Technology

Gartner Glossary

Integrated Risk Management (irm)

Integrated risk management (IRM) is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks.

Under the Gartner definition, IRM has certain attributes:

  1. Strategy: Enablement and implementation of a framework, including performance improvement through effective governance and risk ownership
  2. Assessment: Identification, evaluation and prioritization of risks
  3. Response: Identification and implementation of mechanisms to mitigate risk
  4. Communication and reporting: Provision of the best or most appropriate means to track and inform stakeholders of an enterprise’s risk response
  5. Monitoring: Identification and implementation of processes that methodically track governance objectives, risk ownership/accountability, compliance with policies and decisions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
  6. Technology: Design and implementation of an IRM solution (IRMS) architecture

To understand the full scope of risk, organizations require a comprehensive view across all business units and risk and compliance functions, as well as key business partners, suppliers and outsourced entities. Developing this understanding requires risk and security leaders to address all six IRM attributes.


Read reviews of Integrated Risk Management Solutions…

Gartner Peer Insights has over 195 reviews on 23+ vendors in the Integrated Risk Management Solutions market. Learn about these companies and these products from IT professionals who have first-hand experience with them.

 

Discover Gartner Conferences

There are multiple Gartner conferences available in your area. Transform your business and experience the value of Gartner, live and in person.