Skip Ribbon Commands
Skip to main content


RIMS Risk Maturity Model for ERM

How thorough is your enterprise risk management program?
How can you measure the strengths and weaknesses of your risk management strategy?
Where can you find a dependable roadmap for creating a risk management program that can deliver on today's expectations?

RIMS has designed a tool that is used by executives in risk management and others charged with risk management responsibilities to develop sustainable ERM programs and infrastructure reflecting their organizations’ strategies and business objectives. RIMS Risk Maturity Model for Enterprise Risk Management is an online resource that allows risk practitioners to score their risk programs online and receive a real-time report. This analysis, based on guidelines set forth in the model, serves as a foundation for an organization to set its priorities for future ERM improvements. 

New! Read the newly published RIMS State of ERM Report 2008 (November 2008)

Risk managers and other executives charged with risk management responsibilities get a complimentary copy of the report when you complete a free online Risk Maturity Assessment or update your data from your last assessment. Act now by clicking here! Others may purchase a copy of the study in RIMSTORE.


RIMS Risk Maturity Model for Enterprise Risk Management

First, take the Risk Maturity Assessment. Score your risk program on 25 key factors and their underlying competency drivers. Receive a real-time personalized benchmark report on your existing maturity level.

Next, download the RIMS Risk Maturity Model for Enterprise Risk Management. Compare your personalized report against the guidelines and develop an action plan to take your risk management program to the next level.

More than 2,000 risk practitioners are well on their way to creating competitive advantage for their organizations and their professional careers by taking advantage of the RIMS Risk Maturity Model for Enterprise Risk Management. More than 500 are in their second benchmarking year.

In addition to your Risk Maturity Assessment, risk practitioners will receive a complimentary copy of the RIMS State of ERM report 2008. The report provides timely insight and perspectives on risk management programs based on data collected from hundreds of risk practitioners. Don't miss out—take 30 minutes and complete your Risk Maturity Assessment today!

If you experience technical difficulties, please call: (617) 649-1327


What is the importance of RIMS Risk Maturity Model for Enterprise Risk Management?

The Risk Maturity Model is a valuable tool for your business planning and risk mitigation approach to generate the requirements to improve your risk management competency. Without an understanding of the effectiveness of your risk program, you cannot properly plan for uncertainties or discover ways to strengthen your risk mitigation strategy. The Risk Maturity Model provides standardized criteria by which organizations can benchmark risk management strategies in order to identify program maturity levels, strengths and weaknesses, and next steps in the evolution of an ERM program.

How is the Risk Maturity Model relevant to you?

This educational and benchmarking tool is absolutely key for executives charged with risk management responsibilities. The RMM is an educational, planning and measurement resource for boards of directors, chief executive officers, chief financial officers, chief audit executives and consultants to evaluate the effectiveness and efficiency of an organization’s ERM program.

What are the basic principles of the Risk Maturity Model?

The RMM model consists of 68 key readiness indicators that describe twenty-five competency drivers for seven attributes that create ERM’s value and utility in an organization. The RMM maturity ladder is organized progressively from “ad hoc” to “leadership” and depicts corresponding levels of risk management competency. The seven drivers for the systematic progression of levels are termed as "Attributes" and includes variables such as ERM Process Management, Risk Appetite Management, Uncovering Risks, and Business Resiliency and Sustainability. The Model helps you and your leadership team define a roadmap to the successful adoption of an ERM, which is designed to view risks across all areas of the business in order to identify strategic opportunities and reduce uncertainty. A unique feature of the Model is its applicability regardless of the specialized frameworks and standards that your organization is using, whether it be the Australian/New Zealand Risk Standard, COSO ERM, COBIT, Standard & Poor’s ERM or Sarbanes-Oxley.

What is theoretical basis for RIMS Risk Maturity Model?

The Risk Maturity Model is based on the Capability Maturity Model, a methodology founded by the Carnegie Mellon University Software Engineering Institute (SEI) in the 1980’s. Originally, the model was used to advance software engineering processes. Since then the theory behind the Maturity Model has been applied to other corporate operations such as supply chain and people management, and embraced by some organizations within technology, finance and defense industries. A group of Enterprise Risk Managers from various business sectors joined forces with LogicManager to develop the RIMS Risk Maturity Model for ERM in order to apply this proven methodology to improve upon processes within the risk management discipline.

How do I use RIMS Risk Maturity Model?

In order to get the most out of RIMS Risk Maturity Model, we encourage you to take a Risk Maturity Assessment at no cost in order to get a snapshot of where your risk program stands today. You can then compare your personalized assessment against the full guidelines and develop a plan for improving processes and increasing the thoroughness and effectiveness of your risk program. RIMS members will gain access to the full guidelines. Others will download an Executive Summary, which provides an overview of the RIMS Risk Maturity Model. To gain access to the full guidelines for planning purposes, you can join RIMS by clicking here: In addition to receiving full access to RIMS Risk Maturity Model, members receive discounts to the Annual Conference & Exhibition as well as other Professional Development courses and workshops, access to the Career Center and Job Bank, Risk Management magazine and a wealth of other benefits and services.

Another way to gain access to the full guidelines is to attend one of the upcoming workshops on the RIMS Risk Maturity Model for ERM. Here, you will join fellow risk management professionals and learn how to apply the Risk Maturity Model to your organization, assess your risk culture competency and develop an action plan to strengthen your risk management approach. Reserve your place today at an upcoming workshop on RIMS Risk Maturity Model and other ERM-related courses:

RIMS Risk Maturity Model for Enterprise Risk Management was developed with the support of co-developer Steven Minsky, CEO of LogicManager, Inc. ( LogicManager is a leading developer of ERM solutions and creator of its own innovative risk maturity model. LogicManager, based in Boston, donated its intellectual property, expertise and services for the development of the RIMS Risk Maturity Model for Enterprise Risk Management. RIMS State of ERM Report 2008 is authored by Steven Minsky with contributions from members of RIMS ERM Development Committee. The report is produced by LogicManager and published by RIMS.



Access the most comprehensive directory of solution providers for risk professionals.


myCOI's suite of products provides you with the right solution to simplify the tracking process and minimize your risks of an uninsured claim and costly litigation...

RWH Myers

RWH Myers is committed to helping policyholders through business interruption and property damage claims, efficiently and accurately...


Navigant represents policyholders in the analysis of losses and preparation of complex insurance claims...