integrated risk management (IRM)

Integrated Risk Management (IRM) is about risks that an integration of technologies, processes, programs and information in organizations entails and how such an organization deals with the risks.

In integrated risk management, risks are considered from across the organization and sustainable strategic decisions are derived for the use of supporting technologies to mitigate the risks. Integrated risk management encompasses all areas of a company's business, including the supply chains of its business partners. Instead of looking at and working through the risk areas separately, as is done in traditional risk management, integrated risk management is about a holistic view of the company's risks. Such a view includes the qualifiable and quantifiable business objectives and the risk mitigation measures that can be achieved with existing information technology systems.

The practices used in integrated risk management identify, analyze, and assess risks, which are then minimized by implementing programs. The approach and appropriate means are documented and provided to the appropriate staff. The following monitoring ensures the methodical implementation of risk minimization.