CHART MEASURING ERM

RIMS' Risk Maturity Model assesses seven attributes of an organization that has an enterprise risk management process. Those attributes are the organization's:

• ERM-based approach, or the degree of executive support for ERM. That support would extend beyond regulatory compliance to all processes, functions, business lines, roles and locations.

• ERM process management, or the degree that ERM has been woven into business processes to identify, assess, evaluate, mitigate and monitor risk using qualitative and quantitative methods and tools.

• Risk appetite, or management understanding of the risk-reward tradeoffs in business.

  m Root cause discipline, or management's discipline for examining how risk is related to people, the external environment, systems, processes and relationships.

• Ability to uncover risk by collecting information from employees, databases and other electronic files to document risks and opportunities and understand their dependencies and correlation across the enterprise.

• Management performance, or how well management executes its vision and strategy by working from financial, customer, business process and other perspectives gleaned from a balanced scorecard or a similar approach.

• Business resiliency and sustainability as a result of the ERM process being integrated into operational planning for, among other things, supply chain disruptions, dramatic market pricing changes, cash flow volatility and business liquidity.