What is the RMM?

The RIMS Risk Maturity Model


Understanding Enterprise Risk Management (ERM)

At its core, enterprise risk management (ERM) is a method of systematically identifying, evaluating and prioritizing the activities and goals of an organization. Applying a common risk-based framework to governance activities across departments creates efficiency, drives better business decisions and strengthens strategic planning.

Whether analyzing risks, threats, opportunities or performance goals, a risk-based approach provides the framework needed to consistently connect and address overlapping concerns. Implementing a risk-based approach across departments and integrating it into the organization’s culture is a fundamental component of a successful enterprise risk management program.


What is the Risk Maturity Model (RMM)?

The RMM serves as a free resource for risk and governance professionals to aid in planning, implementing and maturing enterprise risk management practices within their organizations. Those who use the RMM span all industries and levels, from Risk Managers at financial institutions to C-level executives from energy or healthcare organizations and beyond.

The goal of the RMM is to serve as a benchmarking and educational tool for improving ERM practices and communication through an organization. Incorporating elements of existing best practice frameworks and ERM models, the RMM categorizes programs into one of five levels of maturity: (1) Ad-Hoc, (2) Initial, (3) Repeatable, (4) Managed and (5) Leadership. Achieving each level of added maturity indicates an organization’s success in achieving its business objectives and improving performance through utilization of a risk-based methodology.

For details on the components of the RIMS Risk Maturity Model and how to leverage the results, please visit The RMM Explained and Results & Testimonials.



In More Depth

In 2005, the ERM Committee of The Risk and Insurance Management Society (RIMS) recognized the need for ERM education and a mechanism for measuring ERM maturity. As a result, RIMS selected expert ERM software provider LogicManager to author an Enterprise Risk Management Maturity Model.

The RIMS Risk Maturity Model (RMM) assessment for Enterprise Risk Management (ERM) helps risk management practitioners, senior leadership, auditors, and regulators evaluate the effectiveness and adequacy of an organization’s unique risk management program and determine where and how their program can improve. The RIMS Risk Maturity Model (RMM) is an umbrella framework that covers ISO 31000, OCEG Red Book, BS 31100, COSO, FERMA and Solvency II standards. It allows organizations to use a single internal framework to manage their ERM program while providing reports to meet any standard their internal or external stakeholders require.

Proven scientific evidence shows that organizations with higher risk maturity levels experience stronger financial performance. As demonstrated in a recent independent study conducted by researchers at Queen’s University, organizations exhibiting mature risk management practices, as measured by their score on the RMM, realized an increased valuation premium of up to 25%. This study, which is the first of its kind, validates the bottom-line benefits of adopting a risk-based approach to risk management through ERM.



Over 2,000 organizations have already baselined their risk maturity with the RMM. Furthermore, the correlation between utilizing LogicManager and better business performance has been statistically justified in recent independent research studies.

The RIMS Risk Maturity Model objectively measures the effectiveness of risk management program initiatives over time, provides a common language for risk management practitioners to share information internally, and enables an organization to benchmark their progress versus their peers in their industry and geography. The RIMS Risk Maturity Model is incorporated within the Associate in Risk Management-ERM (ARM-E) professional designation course material by The Institutes, the premier designation for all risk management professionals.

In 2014, the prestigious Journal of Risk and Insurance published the independent research study, “The Valuation Implications for Enterprise Risk Management Maturity.” This rigorous peer-reviewed academic study by the Queen’s University MBA program definitively quantifies a 25% market valuation premium for firms that have reached mature levels of enterprise risk management, as defined and measured by the RIMS Risk Maturity Model (RMM).