As part of its research governance and compliance solution, IRMA includes a risk management module. This module allows the management of risk across an entire research portfolio.
This module has been designed from the ground up to leverage many of the innovations that have come from collaborative design process between University Office and its clients.
The risk management module allows for the capture of risks through two very different approaches:
- Direct entry of risks
- Automatic identification of risks from other IRMA modules using a series of client defined risk identification rules that are linked to the programmable questions.
The automatic identification of risks from the questionnaire is as an important innovation, as risks can be identified in a systematic way without additional data entry from researchers. This automatic identification means that the risk identification process is not only active as part of an initial data capture process, but also as part of an amendment process, reporting process, or at any time that data on a record is updated.
The risk management module has been designed with the standard ISO 310000 in mind by including the following features:
- Risk are described by event, cause, impact and control measure; where multiple causes, impacts and control measures can be recorded.
- Allowing for any number of risk matrices to be defined that are associated to a risk type , where risk type is used to define probability, consequence and risk level for any given risk.
- Association of control measures to causes, enabling targeted control measures to that can be assigned to specific individuals, rather than generic control measures that are difficult to assign and track.
The Risk Management module is fully integrated into IRMA, where cross referencing of risks to other IRMA elements and other risks is intrinsic to the design.