What is integrated risk management? From GRC to a ‘Single Version of the Truth’
During the last 6 months, one of the most frequent questions I am asked by Chief Risk Officers is ‘What is Integrated Risk Management (IRM) and should we be looking at this model?’ In short, the answer is a resounding yes. IRM takes a more holistic and joined-up approach to delivering an enterprise-wide framework compared to the outdated Governance, Risk & Compliance (GRC) model.
What integrated risk management means for your organisation
The term IRM was created by Gartner following two years of research culminating in their recently released IRM Magic Quadrant. IRM is defined as a set of practices and processes supported by a risk-aware culture and enabling technology. It improves decision making and performance through an integrated view of how well an organisation manages its unique set of risks.
Understanding the full spectrum of risk and associated risk activities means that organisations must have a comprehensive view across all business units, risk and compliance functions. An IRM solution allows organisations to create relationships between:
- Policies
- Regulations
- Controls
- Risks
- Assets
- Processes
- Business units
- People
To deliver this improved model, Gartner identified six IRM attributes that risk and security leaders need to address.
- Strategy: Enablement and implementation of a framework, including performance improvement through effective governance and risk ownership
- Assessment: Identification, evaluation, and prioritization of risks
- Response: Identification and implementation of mechanisms to mitigate risk
- Communication and reporting: Provision of the best or most appropriate means to track and inform stakeholders of an enterprise’s risk response
- Monitoring: Identification and implementation of processes that methodically track governance objectives, risk ownership/accountability, compliance with policies and decisions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
- Technology: Design and implementation of an IRM solution (IRMS) architecture
In a nutshell, IRM breaks free from a siloed approach, providing stakeholders with a ‘Single Version of the Truth’ with which to make key decisions, control and mitigate risk and identify opportunities across the enterprise.
The key benefits of an integrated risk management framework include having a single version of the truth, eliminating silos and promoting a security-focused culture. It improves overall effectiveness, cuts costs and uncovers opportunities, allowing organisations to rapidly respond to a changing regulatory environment.
Ideagen has been recognised as a CHALLENGER in Gartner's Magic Quadrant for Integrated Risk Management report. Find out more about our risk management software and how it can address the question of what is integrated risk management and deliver a more streamlined, holistic approach to managing risk in your organisation.