The Risk Maturity Model 

RMM Report Summary

Understanding Enterprise Risk Management (ERM)

At the core, enterprise risk management (ERM) is a method of systematically identifying, evaluating and prioritizing the activities and goals of an organization. Applying a common risk-based framework to the governance activities across departments creates efficiency, drives better business decisions and strengthens strategic planning.

Whether analyzing risks, threats, opportunities or performance goals, a risk-based approach provides the framework needed to consistently connect and address overlapping concerns. Implementing a risk-based approach across departments and integrating it into the organization’s culture is a fundamental component of a successful enterprise risk management program.

What is the Risk Maturity Model (RMM)?

The Risk Maturity Model for ERM serves as a free resource for risk and governance professionals to aid in planning, implementing and maturing enterprise risk management practices within their organizations. Those who utilize the RMM span all industries and levels, from risk managers at financial institutions to C-level executives from energy or healthcare organizations and beyond.

The goal of the RMM is to serve as a benchmarking and educational tool for improving ERM practices and communication throughout an organization. Incorporating elements of existing best practice frameworks and ERM models, the RMM categorizes programs into one of five levels of maturity: (1) Ad-Hoc, (2) Initial, (3) Repeatable, (4) Managed and (5) Leadership. Achieving each level of added maturity indicates an organization’s success in achieving its business objectives and improving performance through the utilization of a risk-based methodology.

For details on the components of the Risk Maturity Model for enterprise risk management and how to leverage the results, please visit The RMM Explained and Results & Testimonials.


In More Depth

In 2005, the ERM Committee of The Risk and Insurance Management Society (RIMS) recognized the need for ERM education and a mechanism for measuring ERM maturity. As a result, RIMS selected expert ERM software provider LogicManager to author an enterprise risk management maturity model.

The Risk Maturity Model (RMM) assessment for enterprise risk management (ERM) helps risk management practitioners, senior leadership, auditors, and regulators evaluate the effectiveness and adequacy of an organization’s unique risk management program and determine where and how their program can improve. The Risk Maturity Model (RMM) is an umbrella ERM framework that covers ISO 31000, OCEG Red Book, BS 31100, COSO, FERMA and Solvency II standards. It allows organizations to use a single, effective risk management framework to manage their program while providing reports to meet any standard their internal or external stakeholders require.

Proven scientific evidence shows that organizations with higher risk maturity levels experience stronger financial performance. As demonstrated in a recent independent study conducted by researchers at Queen’s University, organizations exhibiting mature risk management practices, as measured by their score on the RMM, realized an increased valuation premium of up to 25%. This study, which is the first of its kind, validates the bottom-line benefits of adopting a risk-based methodology and approach to risk management through ERM.


Over 2,400 organizations have already baselined their risk maturity with the Risk Maturity Model.

The Risk Maturity Model objectively measures the effectiveness of risk management program initiatives over time, provides a common language for risk management practitioners to share information internally, and enables an organization to benchmark their progress versus their peers in their industry and geography. The Risk Maturity Model is incorporated within the Associate in Risk Management-ERM (ARM-E) professional designation course material by The Institutes, the premier designation for all risk management professionals.

In 2014, the prestigious Journal of Risk and Insurance published the independent research study, “The Valuation Implications for Enterprise Risk Management Maturity.” This rigorous peer-reviewed academic study by the Queen’s University MBA program definitively quantifies a 25% market valuation premium for firms that have reached mature levels of enterprise risk management, as defined and measured by the Risk Maturity Model (RMM) for ERM.