The risk maturity model: a new tool for improved risk management and feedback

Abstract

AbstractNorwegian governmental institutions use their risk management regulations to acquire and manage projects and assess the institutional practices. After many years documenting a positive trend, the audit authority noticed a stagnation in process improvement across the organization. A literature review of the use of risk management maturity models from other industries suggested a method for achieving continuous improvement. A corresponding maturity model has been developed and tested with positive results.This research developed a risk maturity model based on compliance requirements for the Norwegian defense sector. The intended use of this model is as the foundation for conducting assessments through audits and provide explicit guidance toward given requirements that facilitate extensive improvement in application of the risk management system. Use of the model in performing maturity assessments of organizational elements within the defense sector showed that the model supports the subsequent improvement activities through providing better understanding of the existing situation, and explicit visual feedback on areas that are satisfactory and areas in need of improvement. A maturity model provides a stepwise path showing the next level of improvement on the way to achieve required performance.