Institutional Risk Management (IRM)System

Getting Started

Logging-in

  • Web Address:
  • Log-in using your VUNetID and ePassword
  • From off campus you will need to log-in to the VPN before accessing the web application.

Work List

Each time you log-in to the system it is recommended that you check your Work List for items pending resolution. Items that could be in your Work List that require your attention include: Risks and Controls Awaiting Approval; Risks and Controls you’ve saved as Draft; Risks and Controls you submitted for approval that have been returned to you by the approver for additional information; and required annual update items. You will receive periodic emails informing you if there are items pending in your Work List.

Annual Update Process

Annually, Vice Chancellors will receive a notification when it’s time for the annual update to be performed. The annual update process is comprised of three processes, each performed by different individuals depending assigned responsibilities, as follows:

  • Reviewing and Updating Risks and Controls - It is recommended that you generate a “Detailed” Risk and Control report for each assigned category, distribute the report (or portions of the report) to the individuals responsible for reviewing and assessing Risks and Controls who should evaluate the information in the report for completeness and accuracy, have those individuals make changes in the system as needed or designate one (or more) individual(s) to collect updated information and make changes as needed and have the appropriate individual approve all changes.
  • Attesting to the completeness and accuracy of Risks and Controls - It is recommended that you generate and review a “Heat Map” and a “Detailed” Risk and Control report for each assigned category. Once all Risks and Controls are reviewed and determined to be complete and accurate, the appropriate manager should access their Work List and“Attest” each assigned area. It is recommended that warnings (e.g., Risks without assigned Controls, Risks or Controls in a “Draft” or “Awaiting Approval”status) provided during Attestation be reviewed and corrected as determined necessary.
  • Certifying the completeness and accuracy of Risks and Controls - Once all Attestations are complete, each Vice Chancellor should access their“Certification” page and “Certify” each assigned category. During Certification, warnings are provided for items that may require additional review. It is recommended that an appropriate manager be contacted to perform follow-up and resolution for items with warnings as determined necessary.

Available Reports

Access reports from the Reports menu in the IRM System and then select Reports Hub to generate the reports below.

  • Heat Map - This report plots each Risk in a matrix and color codes the Risk based on the assigned assessments. A web and PDF version of this report is available depending on selected reporting criteria. This report is generally used in conjunction with the Risk/Control Detailed report.
  • Risk/Control Detailed - This report provides the detailed information about each Risk and Control. An Excel and PDF version of this report is available depending selected reporting criteria.
  • Incomplete Items - This report provides diagnostics regarding information that is included in generated reports, such as Risks or Controls in a “Draft” or “Awaiting Approval” status and Risks without an assigned Control.
  • User - This report provides an overview of system user privileges based on the selected Risk Category and Focus Areas.This report is restricted based on user privileges.
  • Certification Status - This report provides the Certification status for the selected categories. This report is restricted based on user privileges.

Frequently Asked Questions

Please visit the FAQ/Help menu in the IRM System for more information about the application, including, but not limited tothe following:

  • Key word definitions;
  • Accessing Risks and Control details;
  • Adding, deleting or editing Risks and Controls;
  • Approving change requests;
  • Attestation and Certification timing; and
  • Generating reports.

IRM System Administrator Contact Information

Office of Internal Audit & Institutional Risk Management

(615)343-6660

IRM System Data Structure