RIMS Launches Risk Maturity Model for Enterprise Risk Management
November 28, 2006 | Boston, MA: The Risk and Insurance Management Society, Inc. (RIMS) announced today the launch of the Risk Maturity Model for Enterprise Risk Management (ERM), an online resource that provides guidelines and best practices for developing and maintaining a comprehensive risk management program. The Risk Maturity Model provides standardized criteria by which organizations can evaluate and improve their approach to enterprise risk management. In addition to publishing the reference guide, the Risk Maturity Model features a real-time benchmarking exercise that allows executives to score key characteristics of their risk management programs and generate a personalized maturity assessment. This risk analysis tool is a valuable resource for board members, executive management, risk managers and all corporate functions tasked with risk management responsibilities.
“The RIMS Risk Maturity Model for Enterprise Risk Management is a ground-breaking, sophisticated educational and reference tool that delivers a much needed barometer for the risk management community, as well as CEOs, COOs, CIOs, compliance, internal audit and other functions with risk management responsibilities,” says John Phelps, member, RIMS board of directors, and director of risk management for Blue Cross and Blue Shield of Florida, Inc. “The tool empowers organizations with the ability to evaluate risk culture competency, identify gaps and determine areas for improvement. In addition, it provides measures to help advance their programs and align them with ERM best practices. Eventually business leaders will be able to benchmark program maturity according to function, industry and company size.”
The Risk Maturity Model is based on the Capability Maturity Model, a methodology developed by the Carnegie Mellon University Software Engineering Institute (SEI) in the 1980’s. Originally, the model was used to advance software engineering methodologies and processes. Since then the theory behind the Maturity Model has been applied to other corporate operations such as supply chain and people management, and embraced by numerous organizations within the technology, finance and defense industries. A group of Enterprise Risk Managers from various business sectors joined forces to develop the RIMS Risk Maturity Model for Enterprise Risk Management in order to apply this proven methodology to improve upon processes within the risk management discipline.
The RIMS Risk Maturity Model presents a five-level progression for program maturity, from “non-existent” to “Leadership”. The seven drivers for the systematic progression of levels are termed as “Attributes” and include variables such as ERM Process Management, Risk Appetite Management, Uncovering Risks, and Business Resiliency and Sustainability. “These attributes are the key characteristics that identify and measure the degree of quality and business value in an Enterprise Risk Management program,” says Steven Minsky, CEO of LogicManager, Inc. and co-developer of the RIMS Risk Maturity Model. “This tool provides a roadmap to the successful adoption of an ERM framework, which is designed to view risks across all areas of a business in order to identify strategic opportunities and reduce uncertainty.” According to Minsky, a unique feature of the RIMS Risk Maturity Model is its applicability regardless of the specialized frameworks and standards an organization is using. The model is compatible with the Australian/New Zealand Risk Standard, COSO ERM, COBIT 4.0, Standard & Poor’s ERM, Sarbanes-Oxley and any other framework that an organization may use as the basis for its ERM program.
“We are not re-inventing the wheel; rather, we aim to provide guidelines and best practices to allow Enterprise Risk Managers to better understand their risk management process within the context of their respective businesses, and to recognize improvements they can make to mature their risk programs,” says Phelps.
The RIMS Risk Maturity Model and benchmark exercise are available in full to RIMS members and participants in the corresponding RIMS Risk Maturity Model professional development workshops and at the RIMS 2007 Annual Conference Exhibition on April 29-May 1, 2007 in New Orleans. Others can gain online access to an executive summary on the model and full access to the benchmarking exercise and personalized assessment. RIMS goal is to gather 500 participants in the benchmark exercise in order to accumulate substantial statistics on program maturity by industry, geography and company size. The long-term goal is to maintain and analyze the statistics in order to provide the risk management community with a valuable benchmarking reference and trend analysis for enterprise risk management program maturity.
The Risk Maturity Model for Enterprise Risk Management and other resources are available online at the RIMS ERM Center of Excellence at www.RIMS.org/ERM.
LogicManager is a leading provider of enterprise risk management software by virtue of its top-rated customer support and easy-to-use SaaS platform. LogicManager’s solutions help Manage Tomorrow’s Surprises Today® with patent-pending Taxonomy technology and out-of-the-box content and templates. LogicManager’s ERM software and support enable businesses to connect traditional risk, governance, and compliance activities to common root cause risks, and relate them to strategic goals through advanced reporting and analytics.
About The Risk and Insurance Management Society
The Risk and Insurance Management Society, Inc. (RIMS) is a not-for-profit organization dedicated to advancing the practice of risk management, a professional discipline that protects physical, financial and human resources. Founded in 1950, RIMS represents nearly 3,900 industrial, service, nonprofit, charitable, and governmental entities. The Society serves over 9,900 risk management professionals around the world.
Caitlin Seele: firstname.lastname@example.org | (617) 530-1208