5 things risk managers say about risk maturity models

What do you need to consider when building a risk maturity model?

This was the very question we asked our network of risk managers – a topic that is being hotly discussed in our private messaging service.

Here are the top 5 considerations:

1. Caution the use of maturity tools

There are many useful maturity tools, but the results should only be regarded as one data point that informs your next steps.

2. Think about maturity models in 4 groups:

• Depth of experience (novice to mastery to creator)
• Culture (active opposition through to total ownership)
• Risk management implementation (limited activity through to closed loop learning)
• How well you manage risk (from relying on good people through to holistic data-driven decision-making and optimisation)

3. Embed practical metrics

Measure the extent to which risk management supports the delivery of corporate objectives. For example:

• To what extent does ERM reporting lead to decisions at executive and/or board level?
• To what extent are uncertainties, risks and opportunities embedded in decision support material?
• To what extent is the company risk appetite (i.e. maximum acceptable risk taking) utilised and leveraged?

4. Use your model to gain top level support

Show management where you are, where you could take risk management, and how long it would take to achieve it at current resource levels.

5. Communicate the complexity of building an ERM programme – that works

Too often, management will want you to implement ERM within a tight timescale – a risk maturity model will help you demonstrate the various components that make up an effective ERM programme.

And here’s another recommendation from our community of risk managers. Read Domenic Antonucci’s book: Risk maturity models: how to assess risk Management effectiveness

Want to be part of the discussion? Get in touch with me: kin.ly@riskleadershipnetwork.com

We're setting out to transform how the global risk community shares insights and experience. You can read more about the launch of the Risk Leadership Network here.

Are you an in-house risk manager who could benefit from collaborating with a global network of senior risk professionals? Talk to us about becoming a Member today.