The RIMS Risk Maturity Model (RMM) is a best practice framework and online assessment tool for enterprise risk management. The RMM enables risk professionals to measure their programs against its methodology and receive a corresponding ERM maturity score.
The RIMS Risk Maturity Model was developed in 2006 by Steven Minsky, CEO of LogicManager, and published in 2008 by the Risk and Insurance Management Society. Today, the RMM serves as a free online resource for planning, implementing and maintaining mature enterprise risk management practices within organizations across industries and geographies.
The Risk Maturity Model's umbrella framework covers ISO 31000, OCEG, Red Book, BS 31100, COSO, FERMA, and Solvency II standards. It was originally based on the Capability Maturity Model, a methodology founded by the Carnegie Mellon University Software Engineering Institute (SEI) in the 1980s.
The RMM's methodology is broken down into 7 attributes, 25 competency drivers, and 71 key readiness indicators. ERM programs are benchmarked against these dimensions to identify their strengths and weaknesses. Maturity scores on the RMM range from 1-5, with scores of 3 and above signifying the presence of a repeatable and above risk-based ERM program.
The 7 attributes of the RIMS Risk Maturity Model are:Adoption of an ERM-Based Process
ERM Process Management
Risk Appetite Management
Root Cause Discipline
Business Resiliency and Sustainability.
Over 2,400 organizations have baselined their ERM maturity with the RIMS Risk Maturity Model for ERM.
In 2008, a research study concluded that at the 95% confidence level, there was a positive correlation between higher RMM assessment scores and higher credit ratings, an accepted measure of business performance and value.
In 2014, a study of RMM data entitled "The Valuation Impact of Enterprise Risk Management Maturity," was published in The Journal of Risk and Insurance by a research team from Queen's University. The study provides statistical evidence of up to a 25% market valuation premium for firms that reach mature levels of enterprise risk management, as measured by the RIMS Risk Maturity Model for ERM.
The RIMS Risk Maturity Model for ERM has been recognized as a best practice framework by the following organizations:Institute of Internal Auditors
National Association of Insurance Commissioners (NAIC)
Risk and Insurance Management Society (RIMS)
The Risk Maturity Model Recognition Program was launched in 2015 and aims to recognize the leaders in enterprise risk management while enhancing the discipline of ERM. Organizations are nominated for this distinction on an annual basis, based on the scores of their RMM assessment.