Gartner defines Integrated Risk Management (IRM) as “practices and processes and enabling technologies supported by a risk-aware culture that improves decision making and performance through delivery of an integrated view of how well an organization manages its unique set of risks. A key distinction in Gartner’s definition of IRM is the integration with Enterprise Risk Management (ERM) relating to strategic risks impacting operational and technology risk management objectives. Today, the terms IRM and Governance, Risk and Compliance (GRC) are used by vendors interchangeably in marketing without real consideration of differentiation between them”.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from EsseQuamVideri Srl.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.