I am working on a Thesis involving RM Maturity Model.
Found the RKSM model within CMMi and the M_o_R model.
Additionally I found some "commercial" Maturity Models.
Anyone who can give me some references or pointers?
Thanks,
Stef
Replies
The maturity of an organisation's Risk Management processes should be tracked from no formal process to organisations where Risk Management is fully integrated into all Business aspects of the Organisation and this should be able to cover all types of Organisations.
Normally there are 4 levels of Risk Management processes as given below depending on the stage of maturity. Risk Management culture is best at Level 4.
Level 1 - Adhoc
Level 2 - Initial
Level 3 - Repeatable
Level 4 - Managed
Stef,
In ISACA's Risk IT Framework you find maturity models for each of the three domains:
Boards and executive management need to consider how effective their enterprises are at managing IT risk and should be able to answer these related questions:
It can be difficult to obtain meaningful answers to these questions. Management is constantly looking for benchmarking and self-assessment tools in response to the need to know what to do to achieve the best results. One such tool is maturity modelling, which can enable the enterprise to rate itself from the least mature level (having non-existent or unstructured processes) to the most mature (having adopted and optimised the use of good practices).
When modelling maturity, it is useful to identify a limited number of levels. A larger number would render the system difficult to use and suggest a precision that is not justifiable. In general, the purpose is to identify where enterprises are for certain activities and suggest how to set priorities for improvements.
The Risk IT maturity levels are designed as profiles in which an enterprise can identify symptoms or descriptions of its current and possible future states. Each enterprise will recognise that many of its processes are at different maturity levels; for example, some processes may be at level 1, some at level 3 and others at level 4. In this way, the maturity models are designed to enable management to focus on key areas needing attention, rather than on trying to get all processes stabilised at one level before moving to the next.
Using the Risk IT maturity models, management can identify:
In ISACA's Risk IT Framework for each domain, both high-level and detailed versions of the maturity model are provided. The detailed versions are built around the following attributes, each of which evolves through the categories:
The maturity model scales can help management understand where shortcomings exist and set targets for where they need to be. The most appropriate maturity level for an enterprise will be influenced by the enterprise’s business objectives, the operating environment and industry practices. Specifically, the level of IT risk management maturity will depend on the enterprise’s dependence on IT, its technological sophistication and, most important, the future role its executives and management foresee for information technology.
Best regards
Urs
alex.hindson@amlin.co.uk
In my research center we use the ISO 15504 maturity model.
Some of my colleagues applied them to Basel II requirements.
It may interest you.
http://www.cssf.lu/en/info-kits/grif-project/
Try www.rims.com - they have a very good one.
Vladimir
ISACA material "Risk IT Framework" is useful.
http://www.isaca.org/Knowledge-Center/Research/Documents/RiskIT_FW_...
More detail is available from
http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables...
(ISACA members only)