Risk Management Maturity Level Development
Organizations wishing to implement a formal approach to risk management or to improve their existing approach need a framework against which to benchmark their current Risk Management practice. “Best Practice” benchmarks are usually defined in terms of maturity, normally reflecting increasing levels of sophistication together with other features. This report describes a Risk Management Maturity Model (RMMM) with four levels of capability maturity, each linked to specific attributes. Organizations and projects can use this model to assess their current level of Risk Management capability maturity, identify realistic targets for improvement, and produce action plans for developing or enhancing their Risk Management capability maturity level. This is a maturity model that is very simplified and designed to quickly target weaknesses but NOT to be so formal that it would become a constraint or overly invasive. The developers decided that an assessment of Risk Management capability did not require that much formality. If someone felt such formality was required, they could use the full EIA/IS 731 assessment process or the CMMI assessment process. All we advocate and present here is a simple assessment tool that helps organizations understand the maturity and possible shortcomings of their risk management process.
Download "RM Maturity Level Development 2002.pdf"