IRM is a suite of processes and procedures, reinforced by a risk-intelligent culture, and enabling technologies. This combination, enhances decision making and improves performance, by harnessing an integrated view of how effectively an organization manages its risk exposures.

IRM is based upon the following attributes:

Strategy: Effective governance and risk ownership, that enables the implementation of an appropriate framework, that drives performance improvement.

Assessment: Comprehensive identification processes, wide-ranging evaluation and rational prioritization of risks. 

Response: Comprehensive discovery and implementation, of risk mitigation and risk response measures.

Communication And Reporting: Aggregation and delivery, of appropriate risk data, to inform stakeholders, and track an enterprise’s risk responses. 

Monitoring: Identification and implementation of processes, that systematically track governance objectives, risk ownership/accountability, and compliance with policies and decisions.

Technology: Design and implementation, of an IRM solution (IRMS) architecture, to support a risk intelligent delivery model. 

Whole of Business Approach: To comprehend the entire scope of risk, a comprehensive view across all business units and risk and compliance functions, is essential. Visibility of key business partners, suppliers and outsourced entities must be included, to develop that understanding, and requires risk and security leaders, to confront all seven IRM attributes.