A risk inventory provides an integrated view on risk management artifacts, e.g., risks, risk controls, and performance indicators. In this paper, we show how adapting the enterprise architecture management processes (EAM) may provide a foundation for an integrated IT risk inventory. Based on a design research approach, we develop a systematic approach for integrating the disciplines of risk management and enterprise architecture management. We demonstrate the utility of our approach by evaluating an identity management solution in a large bank.