Complete this free risk management maturity assessment to determine whether your organization is at risk management 1 or risk management 2. The assessment takes less than 3 minutes and is designed as a quick check for potential gaps in risk management integration.
Risk management 2 is about integrating risk analysis into decision making, core processes and operations. According to both ISO 31000:2018 and COSO ERM:2017, risk management should be an integral part of planning, performance management and decision making. Test whether this is indeed the case at your organization.
Interpretation of results:
- 0-9 points – risk management is still relatively immature, and not all risk management 1 requirements have been implemented. There is little if any evidence to suggest that risk management 2 principles are followed. The organization is generally not aligned with either ISO 31000:2018 or COSO ERM:2017. The first priority should be getting all risk management 1 requirements in place, then focusing on integrating risk management into decision making.
- 10-15 points – it looks like most of the risk management 1 requirements have been taken care of and some progress has been made on integrating risk analysis into decision making and core business processes. The first priority should be continuing the journey to integrate risk management into decision making and minimizing the effort required to maintain risk management 1.
- 16-20 points – it looks like most of the risk management 1 requirements have been taken care of and risk management has been integrated into significant business decisions and core business processes. Well done! Please share your experience or difficulties in the comments below. Your experience is very valuable for the risk management profession.