RIMS Risk Maturity Model
The RIMS Risk Maturity Model (RMM) is a best practice framework and online assessment tool for enterprise risk management. The RMM enables risk professionals to measure their programs against its methodology and receive a corresponding ERM maturity score.[1]
History
The RIMS Risk Maturity Model was developed in 2006 by Steven Minsky, CEO of LogicManager, and published in 2008 by the Risk and Insurance Management Society. Today, the RMM serves as a free online resource for planning, implementing and maintaining mature enterprise risk management practices within organizations across industries and geographies.
The Risk Maturity Model's umbrella framework covers ISO 31000, OCEG, Red Book, BS 31100, COSO, FERMA, and Solvency II standards. It was originally based on the Capability Maturity Model, a methodology founded by the Carnegie Mellon University Software Engineering Institute (SEI) in the 1980s.[2]
RMM Assessment and Scoring
The RMM's methodology is broken down into 7 attributes, 25 competency drivers, and 71 key readiness indicators. ERM programs are benchmarked against these dimensions to identify their strengths and weaknesses. Maturity scores on the RMM range from 1-5, with scores of 3 and above signifying the presence of a repeatable and above risk-based ERM program.
The 7 attributes of the RIMS Risk Maturity Model are:[3]
- Adoption of an ERM-Based Process
- ERM Process Management
- Risk Appetite Management
- Root Cause Discipline
- Uncovering Risks
- Performance Management
- Business Resiliency and Sustainability.
Research and Accreditation
Over 2,400 organizations have baselined their ERM maturity with the RIMS Risk Maturity Model for ERM.[4]
In 2008, a research study concluded that at the 95% confidence level, there was a positive correlation between higher RMM assessment scores and higher credit ratings, an accepted measure of business performance and value.[5]
In 2014, a study of RMM data entitled "The Valuation Impact of Enterprise Risk Management Maturity," was published in The Journal of Risk and Insurance by a research team from Queen's University.[6] The study provides statistical evidence of up to a 25% market valuation premium for firms that reach mature levels of enterprise risk management, as measured by the RIMS Risk Maturity Model for ERM.[7]
Industry Adoption
The RIMS Risk Maturity Model for ERM has been recognized as a best practice framework by the following organizations:
- Institute of Internal Auditors [8]
- National Association of Insurance Commissioners (NAIC) [9]
- Risk and Insurance Management Society (RIMS) [10]
Risk Maturity Model Recognition Program
The Risk Maturity Model Recognition Program was launched in 2015 and aims to recognize the leaders in enterprise risk management while enhancing the discipline of ERM. Organizations are nominated for this distinction on an annual basis, based on the scores of their RMM assessment.[11]
See also
References
- ↑ "Risk Maturity Model". Risk and Insurance Management Society. Retrieved 9 December 2015.
- ↑ "Risk Maturity Model FAQ". Risk and Insurance Management Society. Retrieved 9 December 2015.
- ↑ "The RMM Explained". riskmaturitymodel.com. Retrieved 9 December 2015.
- ↑ Minsky, Steven; Fox, Carol (2012). "The State of ERM Report 2015 Page 7". The Risk and Insurance Management Society. Retrieved 9 December 2015.
- ↑ "Groundbreaking Study Validates Enterprise Risk Management Boost to Business Performance". Unified Communications. 20 November 2008. Retrieved 9 December 2015.
- ↑ Farrell, Mark; Gallagher, Ronan (10 March 2014). "The Valuation Implications of Enterprise Risk Management Maturity". The Journal of Risk and Insurance. Retrieved 9 December 2015.
- ↑ "Mature Risk Management Practices Could Realize 25% Value Growth". Property Casualty 360. 25 April 2014. Retrieved 9 December 2015.
- ↑ "Risk Management and Internal Audit: Forging a Collaborative Alliance Page 5" (PDF). The Institute of Internal Auditors. 26 October 2015. Retrieved 9 December 2015.
- ↑ "Financial Analysis Handbook - 2014 Annual Pages 2-3" (PDF). The National Association of Insurance Commissioners. 17 November 2015. Retrieved 9 December 2015.
- ↑ "Risk Maturity Model". Risk and Insurance Management Society. Retrieved 9 December 2015.
- ↑ "16 Companies Recognized by LogicManager and RIMS as Leaders in ERM Maturity". MarketWatch. 3 November 2015. Retrieved 9 December 2015.
External links
- RIMS Risk Maturity Model's Official Website
- RIMS Risk Maturity Model Online Assessment
- LogicManager's Official Website