Integrated risk management (IRM) is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks.
Under the Gartner definition, IRM has certain attributes:
Strategy: Enablement and implementation of a framework, including performance improvement through effective governance and risk ownership
Assessment: Identification, evaluation and prioritization of risks
Response: Identification and implementation of mechanisms to mitigate risk
Communication and reporting: Provision of the best or most appropriate means to track and inform stakeholders of an enterprise’s risk response
Monitoring: Identification and implementation of processes that methodically track governance objectives, risk ownership/accountability, compliance with policies and decisions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
Technology: Design and implementation of an IRM solution (IRMS) architecture
To understand the full scope of risk, organizations require a comprehensive view across all business units and risk and compliance functions, as well as key business partners, suppliers and outsourced entities. Developing this understanding requires risk and security leaders to address all six IRM attributes.