In recent years, and due to various crises (financial, epidemic and political), organizations have turned their attention to finding best practices for better managing inherent risks. Every organization is now obliged to take risks in order to grow and even to survive. Under these conditions, it is vital to manage potential risks to the business correctly; otherwise, if these risks occur, organizations may not be able to reach their objectives. In addition, all businesses rely on information technology, so its related risks should be well managed. Consequently, to audit the maturity of information technology risk management (ITRM), we developed a system named MART 23, built using the best practices of COBIT 5. COBIT 5, like other standards, presents some guidelines for risk management and information technology risk management, but none of them offers an operational approach and tool for auditing, assessing and improving ITRM maturity in organizations. In this article, the MART 23 system for auditing ITRM maturity is presented through its UML design and some layouts.