John Wheeler

John A. Wheeler is a Research Director at Gartner responsible for covering risk management and executive leadership topics. His areas of specialty include operational risk management, executive management/leadership and corporate governance.

More From The Author >>

Dear CTO & CIO, Good Job. Now All You Have to do is Integrate That Risk Management.

Risk management programs must address a widening array of IT threats associated with digital business.

Photo Credit :,

Organizations are experiencing risks that have actually translated into significant operational surprises, and it is becoming more challenging to forecast critical risks. Siloed risk management programs are no longer effective. Integrated risk management (IRM) is key.

What is IRM?

Many organizations are good at domain-specific risk management, but they struggle to harmonize the three key pillars of a successful security and risk management program: a strong framework, metrics and systems. IRM can remedy this challenge.

IRM is a set of practices and processes supported by a risk-aware culture and enabling technologies that improve decision making and performance through an integrated view of how well an organization manages its unique set of risks.

IRM encompasses a holistic analysis of internal and external risk factors. Successful organizations design a framework that seamlessly connects risks at a strategic, operational and IT level. To understand the full scope of risk, organizations require a comprehensive view across all business units and risk and compliance functions, as well as key business partners, suppliers and outsourced entities.

Think about IRM like a road trip. A GPS maps the route and shows progress and a vehicle enables you to reach your destination. Similarly, a framework maps an organization’s risk, metrics measure progress and systems drive an organization to meet their goals. Security and risk management leaders can take these four steps to develop an IRM program to bridge the gap between enterprise risk, technology risk and digital risk:

1. Develop an effective framework that is unique to the organization’s risk profile

2. Employ metrics to identify how risk influences the behavior and ability of individuals to achieve the organization’s goals

3. Use a pace-layering methodology to design, implement and integrate risk management systems

4. Grow the maturity of an organization’s risk management disciplines to mitigate future digital business risks

Gartner predicts, by 2021, 50% of large enterprises will use an IRM solution set to provide better decision-making capabilities, and that the IRM solutions market will grow to $7.3 billion by 2020.

Why is IRM important?

Gartner predicts, by 2021, 50% of large enterprises will use an IRM solution set to provide better decision-making capabilities, and that the IRM solutions market will grow to 7.3 billion dollars by 2020. Digitized organizations are prioritizing the need for risk management programs that alleviate IT security threats.

Key decision makers are increasingly focused on major operational risks across the extended global organization. Security and risk management leaders need to manage the diversity of these extended risks with an integrated approach to risk management.

Security and risk management leaders need to evolve their risk thinking. Adopting a risk management program that addresses the threats associated with digitization is imperative. They should implement an IRM solution to meet the demands of digital transformation and move their organization forward in a safe, profitable way.

Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house

Around The World