BRYAN'S BLOG

Mature Like a Fine Wine

Another topic request from a reader:

What impact does the risk maturity level have on the effectiveness of risk management?

Like so many things in life, it depends. Start with your definition of risk maturity.

When I run the RMIA’s Flagship ERM course, I run an exercise on how you evaluate your framework. There are lots of suggestions. Sometimes the focus will be evidence of the number of control failures being reduced over time, others will be focused on corporate outcomes, that is, hitting KPIs. All of these can be affected by outside influences. For example, the number of new controls introduced or being monitored and an increase in activities that controls are monitoring.

Sooner or later, the key item I am looking for is identified. Decision making. Specifically, evidence that risk is being considered in decision making and risks are being accepted or escalated in line with the organisation’s appetite for risk. Why? Because if organisations are doing this well they should be making better decisions, faster because of a clear understanding of what is acceptable risk taking.

Risk done well, means a more agile organisation. It will come as no surprise then that the highest level of my risk maturity model is Agile as shown in the diagram. That is what an organisation, that has cared for and matured their culture like a fine wine, can expect from their risk management program. The impact is your version of triple bottom line success!

Check out more about my risk maturity model here.