Risk Management: How Mature is your Organization?
In the 1980s, a new type of framework called a "maturity model" emerged in industry. The proponents of these models intended to help organizations assess their capability in various fields, including software development, project management, and information technology. Maturity models offer several benefits, such as:
- Benchmarking: Maturity models compare an organization with best practices to assess capability.
- Improvement roadmap: Maturity models guide organizations in improving their processes.
- Progress measurement: Maturity models allow organizations to track progress towards enhanced effectiveness.
- Best practice alignment: Maturity models align an organization with industry-accepted practices and standards.
The first such model in risk management was the Risk Maturity Model (RMM). It describes four levels of increasing risk capability: Naive, Novice, Normalized, and Natural.
Level 1 - Naive
- Unaware of the need for risk management
- No structured approach to dealing with uncertainty
- Management processes are repetitive and reactive
- Little or no attempt to learn from the past or prepare for the future
- Culture does not recognize the need for risk management
- No risk processes, experience, or application to projects or business
Level 2 - Novice
- Begun to experiment with risk management
- No formal or structured generic processes are in place
- Awareness of the potential benefits of managing risk
- Culture views risk management as an overhead
- Ad hoc processes depend on key individuals with limited experience
- Inconsistent and patchy application of risk management
Level 3 - Normalized
- Management of risk integrated into routine business practices
- Formalized and widespread generic risk processes
- Benefits of risk management understood at all levels of the organization
- Culture recognizes the existence of risk and expects benefits from managing it
- Routine and consistent application of risk management
Level 4 -Natural
- Risk-aware culture with a proactive approach to risk management
- Uses risk information to improve business processes and gain a competitive advantage
- Integrated multi-level risk process for managing both threats and opportunities
- Risk-aware culture drives proactive risk management
- Best-practice processes implemented at all levels of the business
- Widespread and second-nature application of risk processes by all staff
If your organization is serious about risk management, you must measure yourself against a maturity model.
Risk Register by ProjectBalm
Improving your risk management capability is much easier with a suitable tool. This is why we created Risk Register by ProjectBalm.
Our goal was to automate best practice risk management techniques, and do so via an elegant, usable interface that works with you, and not against you. Risk Register will help you to identify, analyse, treat and monitor risks more easily and effectively than ever before.
If you are experienced at risk management, you will find in Risk Register a tool that works the way you want it to work. If you are new to risk management, our documentation and videos will take you through the whole risk management process, giving lots of useful examples.
Risk Register is fully compatible with risk management standards such as ISO 31000, and can also be used for governance, risk, and compliance (GRC) programs such as Sarbanes-Oxley and PCI.
Over the last few years, we've grown to become the most popular risk management solution in the Jira marketplace and we are now an Atlassian Platinum Partner. Why not try out Risk Register by ProjectBalm for yourself?
Reference. Hillson, D. (2019) Risk Doctor Briefing Note #130: Modifying the IACCM capability maturity model for risk. [PDF] Risk Doctor. Available at: https://risk-doctor.com/briefings/