I had the honor and privilege to spend several days last week with 400 IT leaders at our Gartner Peer Forum in Orlando, Florida. Speaking to the group gave me the opportunity to explain what many, including my fellow Gartner research colleagues, call “fluffy management stuff” or FMS for short.
What is FMS? Well, it refers to the myriad of approaches that companies employ while building program management capabilities to address major initiatives. In my case, I help companies looking to build risk management and security programs. FMS related to risk management and security programs can be quite deep and often obscures the ultimate objective – to succeed in a safe and secure manner.
At Gartner, we bring clarity to the FMS related to risk management and security through the lens of integrated risk management (IRM). Gartner defines IRM as “a set of practices and processes supported by a risk-aware culture and enabling technologies that improve decision making and performance through an integrated view of how well an organization manages its unique set of risks”. Using Gartner’s three dimensions of IRM — framework, metrics and systems — you can increase the maturity of your risk management disciplines to mitigate the digital business risks of the future.
As you might notice, the three dimensions of IRM – Framework, Metrics and Systems – spell “FMS”. However, that is where the similarity to FMS ends. In our research, we provide practical tools and methods to help companies construct an efficient and effective risk management and security program. In fact, just this week, we published a research note that details the top 10 factors for IRM success (Gartner subscription required).
If you are interested in learning more about constructing an efficient and effective risk management and security program, please make plans to attend one of our upcoming 2017 Gartner Summit Events across the globe. You can also read more of my research here – John A. Wheeler Research & Bio.