The RIMS Risk Maturity Model, co-developed by LogicManager CEO, Steven Minsky, and the RIMS Risk Management Society, has been adopted by yet another governance body in an attempt to formalize how organizations achieve risk management competency.

The NAIC specifically identifies the Risk Maturity Model (RMM) as an effective tool for evaluating the state of an organization's program, and indicates that insurers should strive to meet a ‘Repeatable’ level of Enterprise Risk Management maturity in each principle to comply with the Own Risk and Solvency Assessment requirements.

Additionally, scores of Non-Existent, Ad-Hoc, and even Initial may result in increased oversight.

Ultimately, it will be up to the company to determine what, if any, action it takes in response to such discussions, but an assessment of Non-existent, Ad hoc or Initial maturity levels may impact the supervisory plan of the insurer (e.g. may result in increased intensity and scope of ongoing supervisory work).

The ORSA Summary Report

The ORSA Summary Report is a board-focused briefing on the Enterprise Risk Management activities of an insurer, similar to the risk management disclosures mandated by the SEC and other regulatory bodies. Designed to assist the board in meeting its fiduciary duty, the NAIC’s ORSA Summary Report should include a summary of the organization’s risk management methodology, and an examination of key risk classifications (credit risk, market risk, etc. – for more, see LogicManager’s NAIC Risk Framework plugin), as well as an overview of the monitoring activities in place for self-governance.

How to Implement the RIMS Risk Maturity Model

To adopt the RMM effectively and efficiently without increasing the costs associated with ERM programs, an insurer should seek to adopt a risk-based approach to its already existing governance functions.

Many insurers have the components required by RM ORSA (IT governance, credit risk monitoring, etc.), but have no ability to standardize the information for effective, enterprise-wide oversight: standardized assessment criteria; a risk management process that walks through the steps of Identifying, Mitigating, and Monitoring risk; and a means of aggregating the wide variety of metrics associated with risk and opportunity management.

LogicManager offers a risk-based GRC software platform that accelerates your ability to manage cross-functional information for ORSA, ERM, or other governance requirements. Read more in our eBook on implementing an ORSA framework.