Assurance Services


NRM provides different audit services that are based on leading international standards and practises from the IIA and ISO.

  • Internal Audit Services
  • Risk Management Audit Services
  • Integrated (Combined) Assurance
  • Management System Audits

Integrated risk management

Gartner defines integrated risk management (IRM) as “a set of practices and processes supported by a risk-aware culture and enabling technologies that improve decision making and performance through an integrated view of how well an organization manages its unique sets of risks.” Why do we need IRM when we already have risk management? It’s a business maxim. Where business goes, risks follow. And where business has gone in recent years is different than before. Digital processes, global business, outsourcing to third parties, and more have created a preponderance of new risks that impact organizations through and through. In this post, we’ll give an up-close view of the major new risks that are demanding an IRM approach, and how such an approach uniquely manages these risks.

What is Integrated Risk Management?

The rise in digital processes, the era of globalization and the trend toward third-party reliance are forcing organizations to evolve from a siloed risk management approach to IRM, requiring additional technology to support these complex processes.

  • Bridging the strategy/tactics gap to ensure that project delivery is tied to organisational needs and vision.
  • Focusing projects on the benefits they exist to support, rather than simply on producing a set of deliverables.

Related Articles

Strategy, Tactics and Risk

Current Risk Management Scope

Including Opportunities

So what exactly is Integrated Risk Management today?

At the same time, an organization must apply this “integrated” view across a variety of risk management activities that take on distinct perspectives of risk. For example, a legal department has its own definition of risk and its own series of mitigation plans, but that legal definition of risk varies drastically from the way IT-related risk is being addressed. By integrating these siloed risk constructs under one centralized risk management framework, an organization can view and analyze every risk metric simultaneously.

Start mastering your courses! Try now for free