This study focus on whether or not the IRM is well effectively controlled in practice, and compare their managerial activities of IRM with the requirements of ISO 31000 for a non-profit organization which has been adopted IRM based on ISO 27001. The differences of existed IRM management and the ISO 31000 standard are figured out and then raise the related issues to explore. Through the experts interview and opinions collection and analysis, results show that the mainly course of IRM is not practically effectiveness is lack of relevant knowledge of IRM organizational-wise, and thus also due to the reason of lack of supervisor support, hence also lack of resources and manpower to be put into IRM. The conclusion of this study could be as a hint to those organizations or businesses, before they are adopting ISMS, have to increase the awareness of IRM in advance, so that activities of IRM can be really put into practices to effectively control the potential information risk of organization.