• David Tessaro

From Reactive to Managed: Understanding Integrated Risk Management

Updated: Oct 27, 2020

Understanding current maturity drives forward progress

Cerna Solution’s team of experts developed a maturity model that integrates risk, compliance, governance, and audit into one Integrated Risk Management (IRM) model. This model provides a map of typical organizational maturity as it relates to People, Process, and Technology:

People: Organizational goals are achieved with a clear delegation of roles and responsibilities.

Process: The way processes are defined and executed enables risk and compliance management.

Technology: Tools assist people by reinforcing processes and visualizing data.

Often organizations find that while mature in one area, they are behind in another. Understanding current maturity as it relates to each of the three facets above will help map out the next steps to drive forward progress.

Breaking down maturity into four levels and three dimensions

Integrated Risk Management can be broken down into four maturity levels as they relate to the three dimensions of People, Process, and Technology:

  1. Disjointed organizations often have duplicate efforts across frameworks, with no clearly defined responsibilities, processes, or tools (e.g. spreadsheets, Word, Access, etc.).

  2. Reactive organizations prioritize their time in reaction to changing priorities and events. They have basic delegation of responsibility, with documented processes that are enforced by a centralized tool.

  3. Proactive organizations are anticipating issues before they happen, monitoring control compliance, with comprehensive delegation of responsibilities and secure, central, data storage.

  4. Managed organizations have identified roles and responsibilities that align with organizational accountability. They have automated monitoring and lifecycles in an intuitive, single view of integrated risk that includes real-time governance, compliance, and audit information.


Related: Mitigating Vendor Risks with ServiceNow


See what’s next in the maturity journey

While understanding the current state of risk maturity is the first step, mapping out the next steps of the maturity journey can be daunting and confusing. This is why Cerna Solutions is standing by to provide the expertise and tools to expedite the IRM maturity journey. Cerna Solutions is a team of 100% US-based ServiceNow experts that possess deep knowledge of how to properly integrate people and process with industry-leading technologies. Contact us for an IRM maturity assessment.

Read More: Recent Posts