We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

How the RIMS Risk Maturity Model Works

Vote 0 Votes

ERM ProcessHack Wilson was an MLB star in the 1920's, but he had a drinking problem. Realizing his potential, Hack's manager pulled him into the dugout and said, "If I drop a worm into a glass of water, it swims around fine. If I drop it into a glass of whiskey, it immediately dies. What does this prove?"

Hack responded, "If you drink whiskey, you'll never get worms."

Hack's observation, while misguided, provides a lesson in the difficulty of training and educating employees. Over the next several weeks, I hope to provide a step by step walkthrough of the RIMS Risk Maturity Model (RMM) for Enterprise Risk Management, and while doing so provide a framework that can be used to educate, implement, and enhance the ERM program at your own organization.

Recently the target of a third party study of ERM programs, enterprise risk management maturity as measured by the RIMS Risk Maturity Model, is proven to add 25% to a corporations bottom line value, but how is that value achieved? What is it about Enterprise Risk Management that makes these organizations more efficient, better operating, and ultimately more successful?

The answer is that the RIMS Risk Maturity Model is a step-by-step guide on how to implement, improve and measure the adoption of the best practices of ERM defined by ISO, COSO and other ERM standards. The RIMS Risk Maturity Model is broken down into 7 Risk Maturity Model attributes, and the resulting culture, processes, tools, and structure that allow organizations to realize potential opportunities while managing adverse events and surprises. As outlined by the RMM, enterprise risk management is particularly effective in addressing cross functional or silo specific challenges and gaps by providing a common framework.

That's a loaded response, and as shown above, educating process owners, risk managers, and even executives about the value of ERM can be tricky. That's the value of the RIMS Risk Maturity Model. The RMM breaks down ERM into practical requirements, allowing organizations to assess their current capabilities, while providing concrete guidance for a pathway forward. The 7 core attributes are:

  1. ERM-based approach - Executive support within the corporate culture.
  2. ERM process management - Integration into business processes.
  3. Risk appetite management - Accountability within leadership and policy to guide decision-making.
  4. Root cause discipline - Binding events with their process sources.
  5. Uncovering risks - Risk assessments to document risks and opportunities.
  6. Performance management - Executing vision and strategy utilizing balanced scorecard.
  7. Business resiliency and sustainability - Integration into operational planning.

In each of the next few posts, we'll cover more fully what a mature ERM program looks like from the perspective of one of our 7 attributes. The goal is to improve your organizations ability to manage risk, while exploring the correlation between business value and ERM maturity.

Steven Minsky is CEO of LogicManager and co-author of the RIMS Risk Maturity Model for Enterprise Risk Management. For an introduction to the RIMS approach to ERM, click here to watch LogicManager's video on Getting Started with ERM.

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives