RIMS Risk Maturity Model Resources

Risk Maturity Model Resources


RMM Resources

Below outlines RIMS Risk Maturity Model resources including the RMM assessment, frequently asked questions (FAQs) and additional support for the ERM community.

RMM AssessmentRisk Maturity Model (RMM) Assessment

The RIMS Risk Maturity Model (RMM) provides a framework and self-assessment survey for improving enterprise risk management practices. This online ERM resource allows risk practitioners to score their risk programs and receive a real-time report. The analysis, based on guidelines set forth in the model, serves as a custom action plan as your organization’s roadmap for improvement. Click here to take the assessment.

RMM FAQ PageRisk Maturity Model FAQ

What is the importance of RIMS RMM assessment for enterprise risk management? How is it relevant to your organization? What is the RMM based off? The RIMS Risk Maturity model was developed to advance the risk management discipline by spreading industry best practices and providing answers to key questions such as those listed. For answers to commonly asked RMM questions, click here to visit the RMM FAQ page.


Twnety Five Percent Article for RMMRMM Study: Mature Risk Management Practices Could Realize 25% Value Growth

In 2014, the prestigious Journal of Risk and Insurance published the independent research study, “The Valuation Implications for Enterprise Risk Management Maturity.” This rigorous peer-reviewed academic study by Queens University MBA program definitively quantifies a 25% market valuation premium for firms that have reached mature levels of enterprise risk management, as defined and measured by the RIMS Risk Maturity Model (RMM). Click here to read the article summary or access the full RMM study here!

RMM Blog ArchiveRMM Blog Archive

Press releases, studies, reports and more, the Risk Maturity Model blog archive is your source for the most up to date news about risk management and the RMM assessment. Managing Tomorrow’s Surprises Today is the leading blog for risk management, written by Steven Minsky, CEO of LogicManager and author of the RMM. Click here to visit the RMM blog!

RMM Based SolutionsRisk-Based Solutions for ERM Maturity

Connect and manage all your organization’s risk, governance and compliance activities using an integrated solution. With a common framework for organizing, assessing and prioritizing governance activities, programs can significantly decrease duplicate effort across departments and maximize overall performance. Click here to visit LogicManager and learn more about the leading provider of ERM/GRC solutions.



RMM News Archive

Below is an archive of RIMS Risk Maturity Model press releases, news and articles. For recent news, discussions, and real world examples surrounding enterprise risk management, click here to visit the LogicManager blog.


Published Reports, Articles & Studies

RIMS Executive Report: The Risk Perspective (PDF Report)

This PDF summarizes the most widely used risk management standards and guidelines, coauthored by the RIMS Standards and Practices Committee and the RIMS ERM Committee. This report identifies common elements between the RIMS Risk Maturity Model and the six most widely used risk management standards, helping simplify and streamline competing standards into the key components. Click here to access the PDF report!

RMM Value: A Growing Body of Evidence (Online Article)

This article published in 2009, highlights the positive effects of implementing enterprise risk management within an organization. Focusing on the RIMS Risk Maturity Model (RMM) as a method to embrace and implement ERM, this article aligns the RMM and ERM with better business performance, higher credit ratings and more. To learn more about the benefits of implementing enterprise risk management, visit the full article here!

Strategic Risk Management: Taking Action (PDF Report)

Published by MARSH in 2012, this report explores the importance of strategic risk management through relevant case studies. What opportunities exist to make risk management a stronger contributor to an organization’s overall strategic planning? For the answer to this, and many more key questions, access the full PDF report here!

ERM: The New Imperative (PDF Report)

An executive white paper published by the environment, health and safety consulting firm, Lexicon Systems, discusses enterprise risk management as a new strategic imperative. This report highlights various risk management frameworks (including COSO, the RMM, Basel II, etc.) and the importance of integrating risk with governance and compliance. Additionally, it builds the business case for utilizing software to standardize processes and more effectively manage risk. To read more, access the full PDF report here!

Risk Management and Internal Audit: Forging a Collaborative Alliance (PDF Report)

Published by RIMS and the Institute of Internal Auditors (IAA), this executive report examines risk management and internal audit as independent yet connected roles, highlighting the commonalities that typically are overlooked. Making the case for increased collaboration, risk and internal audit can benefit from one another, cutting back on duplicative work and providing increased efficiency and value to the organization. Read the full report here!

Enterprise Risk Management Seen as Key to Avoiding Corporate Catastrophe (EHS News Article)

Published in 2008, this article highlights key findings from the ‘RIMS State of ERM Report 2008‘, the first in-depth study on enterprise risk management practices. These findings include the value ERM provides for organizations of all types/industries, and the correlation between increased ERM maturity and higher credit ratings. To learn more about the study of ERM practices, visit the full article here!


Risk Monitor Blog Series

RMORSA (Part 1): Risk Culture and Governance (Blog Post)

The first of a five part blog series on the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) requirements, this blog post introduces the five main ORSA requirements and examines the first, risk culture and governance, in more depth. To learn more about risk culture and governance, defined by the NAIC as roles, responsibilities, and accountability in risk-based decision making, visit the full blog post here!

RMORSA (Part 2): Risk Identification and Prioritization (Blog Post)

Part two of this blog series details the second ORSA requirement, risk identification and prioritization. This step helps define the ongoing risk management process and equips organizations with the information and data needed for risk based decision making. As discussed in the blog, utilizing a root-cause approach is critical, allowing organizations to identify the core of a risk versus just the symptoms. Learn more by visiting the full blog post here!

RMORSA (Part 3): Risk Appetite and Tolerance Statement (Blog Post)

The third step in the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) is the implementation of a risk appetite and tolerance statement as advised by the RIMS Risk Maturity Model framework. A risk appetite statement reflects the organization’s high level measures of acceptable risk as they relate to strategic objectives whereas the tolerance statements must be actionable and measurable to provide greater assurance that risk remains within the appetite statement. Read more by visiting the full blog post here!

RMORSA (Part 4): Risk Monitoring, Control & Action Plans (Blog Post)

The fourth component, risk monitoring, control and action plans, revisits the foundation laid during the previous three steps to measure effectiveness, value and plan for improvement. With the proper structure to track, analyze and measure progress, organizations are able to plan for improvement in weak areas and continue activities that are strong. To learn more, visit the full blog post here!

RMORSA (Part 5): Risk Reporting & Communication (Blog Post)

The final post in the Risk Monitor blog series on RMORSA, covers the fifth requirement, risk reporting and communication. After implementing standardized risk assessments, well documented risk mitigation, and processes for continual improvement; this post answers a key question on everyone’s mind: how do you report this information to your Board and effectively communicate to your commissioner in a way that demonstrates ORSA compliance and your ERM program’s valueFor the answer, visit the full blog post here!


RMM Press Releases

RIMS Launches Risk Maturity Model for Enterprise Risk Management (Press Release circa 2006)

In 2006, Risk and Insurance Management Society launched RIMS Risk Maturity Model for Enterprise Risk Management (ERM). Known as the RMM, this resource is a sophisticated educational and reference tool, that provides best practices and guidelines for developing, implementing and maturing a risk management program. To read the more, visit the full press release here!

RIMS Offers ERM Maturity Model Tool (Press Release circa 2007)

In 2007, RIMS published an article emphasizing one of the most important takeaways of the RIMS Risk Maturity Model, that too often risk management is looked at from a compliance standpoint, even though “you’re not measuring value with that type of approach,” said Steven Minsky, CEO of LogicManager and developer of the RIMS Risk Maturity Model. To read more, visit the full article here!