What is your Risk Maturity Level?
In the 1980s, a new type of framework called a "maturity model" emerged in industry. The proponents of these models intended to help organizations assess their capability in various fields, including software development, project management, and information technology. Maturity models offer several benefits, such as:
Benchmarking: Maturity models compare an organization with best practices to assess capability.
Improvement roadmap: Maturity models guide organizations in improving their processes.
Progress measurement: Maturity models allow organizations to track progress towards enhanced effectiveness.
Best practice alignment: Maturity models align an organization with industry-accepted practices and standards.
The first Risk Maturity Model (RMM) was proposed in 1997 by Dr. David Hillson. It describes four levels of increasing risk capability: Naive, Novice, Normalized, and Natural.
Level 1 - Naive
Unaware of the need for risk management
No structured approach to dealing with uncertainty
Management processes are repetitive and reactive
Little or no attempt to learn from the past or prepare for the future
Culture does not recognize the need for risk management
No risk processes, experience, or application to projects or business
Level 2 - Novice
Begun to experiment with risk management
No formal or structured generic processes are in place
Awareness of the potential benefits of managing risk
Culture views risk management as an overhead
Ad hoc processes depend on key individuals with limited experience
Inconsistent and patchy application of risk management
Level 3 - Normalized
Management of risk integrated into routine business practices
Formalized and widespread generic risk processes
Benefits of risk management understood at all levels of the organization
Culture recognizes the existence of risk and expects benefits from managing it
Routine and consistent application of risk management
Level 4 -Natural
Risk-aware culture with a proactive approach to risk management
Uses risk information to improve business processes and gain a competitive advantage
Integrated multi-level risk process for managing both threats and opportunities
Risk-aware culture drives proactive risk management
Best-practice processes implemented at all levels of the business
Widespread and second-nature application of risk processes by all staff
If your organization is serious about risk management, you must measure yourself against a maturity model.
Risk Register by ProjectBalm is a proven tool that helps you record and manage your risks.