Internal auditors play the critical role of being the third line of defense. When risk owners and management do not identify risk or adequately mitigate the risk, it is imperative for the internal auditors to provide independent and objective insight on risk. The audit management solutions market caters to this need by automating internal audit operations through its primary and secondary offerings. Audit management solutions help manage the complexity of the auditor's role, not the organization's risk.
The IT risk management (ITRM) market focuses on solutions that support the ITRM discipline through automating common workflows and requirements. For the purposes of defining this market, IT risks are risks within the scope and responsibility of the IT department. These include IT dependencies that create uncertainty in daily tactical business activities, and IT risk events resulting from inadequate or failed internal IT processes, people or systems, or from external events.
Gartner defines Integrated risk management (IRM) as the combined technology, processes and data that serves to fulfill the objective of enabling the simplification, automation and integration of strategic, operational and IT risk management across an organization.
Gartner defines the market for quality management system (QMS) software as the business information management system that manages quality policies and standard operating procedures (SOPs). This may include, but is not limited to, customer requirements, quality documents, International Organization for Standardization (ISO) requirements, manufacturing capabilities, robust design, auditing procedures and protocols, nonconformance/risk management activities, testing criteria, and industry-specific regulations (for example, the U.S. Food and Drug Administration [FDA] or the Federal Acquisition Regulation [FAR] requirements).