Risk Management Maturity: Critical for Every Organisation

by Dr Arthur Linke
28 August 2019

An organisation's Risk Management Maturity (RMM) is one of the most critical aspects of its overall risk management framework. This is especially true if the organisation's risk management methods are assessed holistically, with each aspect of risk management having an impact on the overall success of the strategy.

In line with this, the weakest link in the risk management ecosystem is what makes the organisation most vulnerable. For example, an organisation may be excellent at assessing technical risks, which are very visible, but if the accountability for risk management is not communicated and embedded across all parts of the organisation, there is a gap in risk maturity and risk culture.  

Listed corporates are required by corporate governance codes such as King IV to apply extensive risk management frameworks such as ISO 31000 or COSO.

However, small to medium enterprises (SMEs) are more vulnerable to risk in a VUCA world. They often have limited resources to manage risk in order to protect and create value for the organisation, or even just survive.

One very prominent example of an RMM model that can give organisations insight into best practice and critical success factors is the RIMS risk management maturity model, which is used by organisations throughout the world.

Top Ten Risk Maturity Critical Success Factors:

  • Appropriate tone at the top
  • Clearly defined and communicated objectives
  • Distinct lines of accountability and escalation
  • Deep understanding of internal & external context
  • Calibration and use of experts for risk identification, evaluation and mitigation
  • A Crisis Plan or Business Continuity Management in place
  • Use of Scenario Planning to prepare for the future
  • Effective use of Key Performance Indicators (KPIs), Key Risk Indicators (KRIs) and Action Plans
  • All employees taking accountability for risk and continual improvement
  • A holistic portfolio view of the organisation with no silos: the organisation is only as good as its weakest link

The “Titanic” is used by risk professionals as a familiar theme and case study for examples of how low risk management maturity and poor risk culture can lead to detrimental and even catastrophic effects. Most of the Top 10 RMM factors were present in this situation, and there were many examples of what went wrong on the “world’s most luxurious and unsinkable” ocean liner, which seem inconceivable today. These included a captain known for pushing the limits of ships, not enough lifeboats for the number of people onboard, no safety drills or tests carried out, no binoculars for the lookouts, and steaming ahead at breakneck speed while ignoring the definitive icefield warnings communicated by neighbouring ships.

In summary, an organisation's Risk Management Maturity is one of the most critical aspects of its overall risk management programme because the organisation's entire way of managing risk is assessed, based on best practice and key critical success factors.

RMM assessments ultimately give direction to specific, tailored interventions to fine-tune and improve the organisation's risk management and risk culture.

Prepare your organisation to survive the VUCA risk landscape while protecting and creating value through optimal risk management maturity.