Optiv Cybersecurity Dictionary

What is Integrated Risk Management (IRM)/Governance Risk and Compliance (GRC)?

Governance, risk and compliance (GRC) is an organization's coordinated strategy for managing the broad issues of corporate governance, enterprise risk management and corporate compliance with regard to regulatory requirements. It describes technology platforms and business processes applied to monitor, inform and manage an organization's: 1) governance relative to specific legal, contractual, internal, social and ethical parameters; 2) comprehensive risk management efforts; and 3) compliance with relevant industry regulations.
Integrated risk management (IRM) is an approach that integrates risk activities from across an organization to enable better and more sustainable strategy. Gartner coined the term in 2016 to describe the evolution of technologies and processes beyond what the firm now considers to be “legacy” GRC (governance, risk and compliance) approaches. Gartner differentiates IRM from GRC by suggesting GRC is primarily compliance-focused, confined within organizational silos and used by technical practitioners. By contrast, IRM is risk-focused, comprehensive and used by business leaders to drive strategic decision making.