What is integrated risk management? From GRC to a ‘Single Version of the Truth’

16 November 2018


During the last 6 months, one of the most frequent questions I am asked by Chief Risk Officers is ‘What is Integrated Risk Management (IRM) and should we be looking at this model?’ In short, the answer is a resounding yes. IRM takes a more holistic and joined-up approach to delivering an enterprise-wide framework compared to the outdated Governance, Risk & Compliance (GRC) model.

What integrated risk management means for your organisation

The term IRM was created by Gartner following two years of research culminating in their recently released IRM Magic Quadrant. IRM is defined as a set of practices and processes supported by a risk-aware culture and enabling technology. It improves decision making and performance through an integrated view of how well an organisation manages its unique set of risks.

Understanding the full spectrum of risk and associated risk activities means that organisations must have a comprehensive view across all business units, risk and compliance functions. An IRM solution allows organisations to create relationships between:

  • Policies
  • Regulations
  • Controls
  • Risks
  • Assets
  • Processes
  • Business units
  • People

To deliver this improved model, Gartner identified six IRM attributes that risk and security leaders need to address.

  1. Strategy: Enablement and implementation of a framework, including performance improvement through effective governance and risk ownership
  2. Assessment: Identification, evaluation, and prioritization of risks
  3. Response: Identification and implementation of mechanisms to mitigate risk
  4. Communication and reporting: Provision of the best or most appropriate means to track and inform stakeholders of an enterprise’s risk response
  5. Monitoring: Identification and implementation of processes that methodically track governance objectives, risk ownership/accountability, compliance with policies and decisions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
  6. Technology: Design and implementation of an IRM solution (IRMS) architecture

In a nutshell, IRM breaks free from a siloed approach, providing stakeholders with a ‘Single Version of The Truth’ with which to make key decisions, control and mitigate risk and identify opportunities across the enterprise.

The key benefits of an integrated risk management framework include having a single version of the truth, eliminating silos and promoting a security-focused culture. It improves overall effectiveness, cuts costs and uncovers opportunities, allowing organisations to rapidly respond to a changing regulatory environment.

Ideagen has been recognised as a CHALLENGER in Gartner's Magic Quadrant for Integrated Risk Management report. Find out more about our risk management software and how it can address the question of what is integrated risk management and deliver a more streamlined, holistic approach to managing risk in your organisation.

Written by Duncan Graham, Ideagen

Duncan has worked as product lead for the Pentana Performance solution for over a decade. He has helped hundreds of organisations achieve an integrated approach to Strategic Execution, Corporate Performance, Governance, Risk & Assurance. He has gained significant insight through working with a diverse customer portfolio, and utilises this knowledge in his approach to solution design and discovery workshops to ensure successful customer outcomes.
