Maintaining or improving the quality of risk management within an organization is difficult to measure if the executive team have not established standards by which to judge their risk management efforts. How does your company’s risk management program compare to successful, sustainable and mature programs?
Our risk management assessment is built up from our analysis of four fundamental activities of an organization’s risk management efforts:
- discover and define risks
- communicate and escalate risks
- manage and control risks
- monitor and evaluate risk management
As well as our evaluation of six fundamental components of risk management:
- risk register or the enterprise risk assessment
- enterprise risk reporting
- infrastructure – language, tolerance, appetite
- documentation of protocols and procedures
The completed Risk Management Maturity Assessment will indicate where the company is good, bad or indifferent in relation to managing risk and will show whether the next steps should focus on risk systems, risk knowledge, risk attitudes, risk management skills, risk management activities or risk management components.