IRM Enterprise Risk Management Framework (Institute of Risk Management)
The Institute of Risk Management (IRM) provides professional risk management standards and qualifications. The IRM Enterprise Risk Management framework guides organisations in developing and implementing ERM. Key publications: IRM Risk Management Standard (2002, with ISO 31000 alignment), IRM Horizon Scanning guidance, IRM Cyber Risk Resources, and IRM Risk Culture guidance. IRM is the world's leading professional body for risk management, with members in 143 countries. IRM qualifications (International Certificate/Diploma/Advanced Diploma in Risk Management) are recognised globally by employers and regulators.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (7)
IRM Capability + Coord + Improvement
| Code | Title |
|---|---|
| IRM-Capability-Training-CMIRM-Improvement-Integration-Coord-ISO31000-COSO-FRC-Walker-Basel-APRA | IRM Capability + Risk Training + CMIRM/Diploma Qualifications + Continual Improvement + Integration with Strategy + Coordination ISO 31000 + COSO ERM + UK FRC + Walker Review + Basel + APRA + GRC Software |
IRM ERM Scope + 2002 Standard
| Code | Title |
|---|---|
| IRM-Scope-ARM-Standard-2002-AIRMIC-ALARM-IRM-ISOGuide73-ISO31000-Definitions-Upside-Downside | IRM ERM Framework Scope + A Risk Management Standard (2002) + Co-Authored AIRMIC/ALARM/IRM + ISO Guide 73 Vocabulary + Upside/Downside Risk + CMIRM Qualification |
IRM Project + Third Party + Resilience + Assurance
| Code | Title |
|---|---|
| IRM-Project-Programme-ThirdParty-SupplyChain-Resilience-BCP-Crisis-AssuranceMapping-3LoD | IRM Project + Programme Risk + Third Party + Supply Chain Risk + Operational Resilience + BCP + Crisis Management + Assurance Mapping + Three Lines of Defence |
IRM Reporting + KRIs + Horizon Scanning
| Code | Title |
|---|---|
| IRM-Reporting-KRIs-Performance-HorizonScanning-Dashboard-Heatmap-RiskRegister-EmergingRisk | IRM Risk Reporting + Key Risk Indicators (KRIs) + Performance Measurement + Horizon Scanning + Dashboard + Heat Map + Risk Register + Emerging Risk Identification |
IRM Risk Architecture + Strategy + Protocols + Culture
| Code | Title |
|---|---|
| IRM-Architecture-Strategy-Protocols-Appetite-Culture-Board-Audit-Committee-CRO-Three-Lines | IRM RASP - Risk Architecture + Strategy + Protocols + Risk Appetite Statement + Risk Culture + Board + Audit Committee + Chief Risk Officer + Three Lines of Defence + Tone at the Top |
IRM Risk Categories
| Code | Title |
|---|---|
| IRM-RiskCategories-Strategic-Financial-Operational-Knowledge-FOIL-External-Internal-DownsideUpside | IRM Four Risk Categories - Strategic + Financial + Operational + Knowledge + FOIL Typology + External vs Internal + Downside Threats and Upside Opportunities + Risk Universe |
IRM Risk Management Process
| Code | Title |
|---|---|
| IRM-Process-Identification-Analysis-Evaluation-Treatment-Monitoring-Review-ISO31000-Aligned | IRM Risk Management Process - 5-Stage Cycle + Identification + Analysis (Inherent/Residual) + Evaluation + Treatment (4Ts Tolerate/Treat/Transfer/Terminate) + Monitoring + Review + Communication + Risk Register |
Your Compliance Coverage
If you comply with IRM Enterprise Risk Management Framework (Institute of Risk Management), you already cover:
NIST Privacy Framework
29%
2 controls mapped
Compare →Vietnam Law on Cybersecurity (No. 24/2018/QH14)
29%
2 controls mapped
Compare →Vermont Artificial Intelligence and Consumer Data Act (AICDA)
29%
2 controls mapped
Compare →+ 73 more: US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule (29%), UK Defence Standard 05-138 - Cyber Security for Defence Suppliers (29%)
See all 76 mapped frameworks ↓Maps to 76 other frameworks
Frequently Asked Questions
What is IRM Enterprise Risk Management Framework (Institute of Risk Management)?
IRM Enterprise Risk Management Framework (Institute of Risk Management) is a compliance framework from International (IRM) with 7 domains and 7 controls. The Institute of Risk Management (IRM) provides professional risk management standards and qualifications. The IRM Enterprise Risk Management framework guides organisations in developing and implementing ERM. Key publications: IRM Risk Management Standard (2002, with ISO 31000 alignment), IRM Horizon Scanning guidance, IRM Cyber Risk Resources, and IRM Risk Culture guidance. IRM is the world's leading professional body for risk management, with members in 143 countries. IRM qualifications (International Certificate/Diploma/Advanced Diploma in Risk Management) are recognised globally by employers and regulators. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does IRM Enterprise Risk Management Framework (Institute of Risk Management) have?
IRM Enterprise Risk Management Framework (Institute of Risk Management) has 7 controls organised across 7 domains. The largest domains are IRM Capability + Coord + Improvement (1 controls), IRM ERM Scope + 2002 Standard (1 controls), IRM Project + Third Party + Resilience + Assurance (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does IRM Enterprise Risk Management Framework (Institute of Risk Management) map to?
IRM Enterprise Risk Management Framework (Institute of Risk Management) maps to 76 other compliance frameworks. The top mapping partners are NIST Privacy Framework (29% coverage), Vietnam Law on Cybersecurity (No. 24/2018/QH14) (29% coverage), Vermont Artificial Intelligence and Consumer Data Act (AICDA) (29% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with IRM Enterprise Risk Management Framework (Institute of Risk Management) compliance?
Start your IRM Enterprise Risk Management Framework (Institute of Risk Management) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about IRM Enterprise Risk Management Framework (Institute of Risk Management) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 7 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required