

Risk Maturity Model FAQ

  1. What is the importance of the RIMS Risk Maturity Model for Enterprise Risk Management?

     The Risk Maturity Model is a valuable tool for business planning and risk mitigation: it generates the requirements for improving your risk management competency. Without an understanding of the effectiveness of your risk program, you cannot properly plan for uncertainties or discover ways to strengthen your risk mitigation strategy. The Risk Maturity Model provides standardized criteria by which organizations can benchmark risk management strategies in order to identify program maturity levels, strengths and weaknesses, and next steps in the evolution of an ERM program.

  2. How is the Risk Maturity Model relevant to you?

     This educational and benchmarking tool is absolutely key for executives charged with risk management responsibilities. The RMM is an educational, planning and measurement resource for boards of directors, chief executive officers, chief financial officers, chief audit executives and consultants to evaluate the effectiveness and efficiency of an organization’s ERM program.

  3. What are the basic principles of the Risk Maturity Model?

     The RMM consists of 68 key readiness indicators that describe twenty-five competency drivers for seven attributes that create ERM’s value and utility in an organization. The RMM maturity ladder is organized progressively from “ad hoc” to “leadership” and depicts corresponding levels of risk management competency. The seven drivers for the systematic progression of levels are termed “Attributes” and include variables such as ERM Process Management, Risk Appetite Management, Uncovering Risks, and Business Resiliency and Sustainability. The Model helps you and your leadership team define a roadmap to the successful adoption of ERM, which is designed to view risks across all areas of the business in order to identify strategic opportunities and reduce uncertainty. A unique feature of the Model is its applicability regardless of the specialized frameworks and standards that your organization is using, whether it be the Australian/New Zealand Risk Standard, COSO ERM, COBIT, Standard & Poor’s ERM or Sarbanes-Oxley.

  4. What is the theoretical basis for the RIMS Risk Maturity Model?

     The Risk Maturity Model is based on the Capability Maturity Model, a methodology founded by the Carnegie Mellon University Software Engineering Institute (SEI) in the 1980s. Originally, the model was used to advance software engineering processes. Since then, the theory behind the Maturity Model has been applied to other corporate operations such as supply chain and people management, and embraced by some organizations within the technology, finance and defense industries. A group of Enterprise Risk Managers from various business sectors joined forces with LogicManager to develop the RIMS Risk Maturity Model for ERM in order to apply this proven methodology to improve upon processes within the risk management discipline.

  5. How do I use the RIMS Risk Maturity Model?

     In order to get the most out of the RIMS Risk Maturity Model, we encourage you to take a Risk Maturity Assessment at no cost to get a snapshot of where your risk program stands today. You can then compare your personalized assessment against the full guidelines and develop a plan for improving processes and increasing the thoroughness and effectiveness of your risk program. RIMS members will gain access to the full guidelines. Others will download an Executive Summary, which provides an overview of the RIMS Risk Maturity Model. To gain access to the full guidelines for planning purposes, you can join RIMS. In addition to receiving full access to the RIMS Risk Maturity Model, members receive discounts to the Annual Conference & Exhibition as well as other Professional Development courses and workshops, access to the Career Center and Job Bank, Risk Management magazine and a wealth of other benefits and services.

     Another way to gain access to the full guidelines is to attend one of the upcoming workshops on the RIMS Risk Maturity Model for ERM. Here, you will join fellow risk management professionals and learn how to apply the Risk Maturity Model to your organization, assess your risk culture competency and develop an action plan to strengthen your risk management approach. Reserve your place today at an upcoming workshop on the RIMS Risk Maturity Model and other ERM-related courses.

The RIMS Risk Maturity Model for Enterprise Risk Management was developed with the support of co-developer Steven Minsky, CEO of LogicManager, Inc. LogicManager is a leading developer of ERM solutions and creator of its own innovative risk maturity model. LogicManager, based in Boston, donated its intellectual property, expertise and services for the development of the RIMS Risk Maturity Model for Enterprise Risk Management. The RIMS State of ERM Report 2008 is authored by Steven Minsky with contributions from members of the RIMS ERM Development Committee. The report is produced by LogicManager and published by RIMS.


