ERM Program Audit Guide:
Risk Maturity Model
If you’re involved in the Internal Audit process at your organization, you know that recent mandates enacted by the Institute of Internal Auditors (IIA) have expanded your role in communicating risk to the Board of Directors. The Risk Maturity Model (RMM) for Enterprise Risk Management (ERM) is a solution to help audit professionals like you evaluate the effectiveness of your risk management program. So what does ERM effectiveness look like to the IIA? The RMM is an umbrella framework that measures your organization on its adoption of ERM best practices from the most widely used risk management standards, including IAA guidelines. To benchmark your program against these best practices, leverage critical insights provided by the RMM:
- Determine if risks arising from your business strategies are identified and prioritized.
- Ascertain if management and the audit committee have determined the level of acceptable risk.
- Ensure there is a process by which controls are designed to reduce or manage risks to levels deemed acceptable by management and the audit committee.
- Periodically monitor and reassess your organization’s risk and the effectiveness of controls to manage it.
- Ensure managers responsible for risk management periodically provide the audit committee with reports on results of the risk management program.
Whether you complete the RMM from the Internal Audit perspective, or request that it be completed by your ERM/GRC manager, you’ll walk away with a Maturity Level Summary Report that serves as a valuable presentation for the board.
Using the following Internal Auditors Guide eBook to complete the RMM, you can determine if ERM Maturity is being measured effectively and accurately according to best practices. Download your complimentary copy of the guide using the form on this page!