From GRC to a ‘Single Version of the Truth’, why you should be looking at IRM
During the last 6 months, one of the most frequent questions I am asked by Chief Risk Officers is ‘What is Integrated Risk Management (IRM) and should we be looking at this model?’
In short, the answer is a resounding yes. IRM takes a more holistic and joined-up approach to delivering an enterprise-wide framework compared to the outdated silo-driven Governance, Risk & Compliance (GRC) model.
The term IRM was created by Gartner following two years of research culminating in their recently released IRM Magic Quadrant. IRM is defined as a set of practices and processes supported by a risk-aware culture and enabling technology, that improves decision making and performance through an integrated view of how well an organisation manages its unique set of risks.
Understanding the full spectrum of risk and associated risk activities means that organisations must have a comprehensive view across all business units, risk and compliance functions. An IRM solution allows organisations to create relationships between policies, regulations, controls, risks, assets, processes, business units, people and other objects.
To deliver this improved model, Gartner identified six IRM attributes that risk and security leaders need to address:
- Strategy: Enablement and implementation of a framework, including performance improvement through effective governance and risk ownership
- Assessment: Identification, evaluation, and prioritization of risks
- Response: Identification and implementation of mechanisms to mitigate risk
- Communication and reporting: Provision of the best or most appropriate means to track and inform stakeholders of an enterprise’s risk response
- Monitoring: Identification and implementation of processes that methodically track governance objectives, risk ownership/accountability, compliance with policies and decisions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
- Technology: Design and implementation of an IRM solution (IRMS) architecture
In a nutshell, IRM breaks free from a federated system (silo) approach, providing stakeholders with a ‘Single Version of The Truth’ with which to make key decisions, control and mitigate risk and identify opportunities across the enterprise.
Key benefits include:
- Single Integrated View Across the Enterprise
- Eliminates Silos & Promotes a Security-Focused Culture
- Improves Effectiveness & Cuts Costs
- Uncovers Opportunities
- Allows Organisations to Rapidly Respond to a Changing Regulatory Environment
Ideagen has been recognised as a CHALLENGER in Gartner's Magic Quadrant for Integrated Risk Management report.