You have likely been asked or heard the question, “How mature is our risk management?” We hear it often as well. The presumption is that the more mature a process, the more effective it is. But what does that really mean? How does the concept of maturity apply to risk management?
Effective enterprise risk management (ERM) enables timely responses to the risks that matter most. This issue of Board Perspectives: Risk Oversight, outlines the five levels of a capability maturity framework (CMF): the initial state, the repeatable state, the defined state, the managed state, and the optimizing state.