Risk Management: A Maturity Model Based on ISO 31000

Authors :
Joao Estevens
José Borbinha
Diogo Proença
Ricardo Vieira
Source :
CBI (1)
Publication Year :
2017
Publisher :
IEEE, 2017.

Abstract

Risk Management, according to the ISO Guide 73, is the set of "coordinated activities to direct and control an organization with regard to risk". In a nutshell, Risk Management is the business process used to manage risk in organizations. ISO 31000 defines a framework and process for risk management. However, implementing this standard without a detailed plan can become a burden on organizations. This paper presents a maturity model for the risk management process based on ISO 31000. The purpose of this model is to provide an assessment tool for organizations to use in order to get their current risk management maturity level. The results can then be used to create an improvement plan which will guide organizations to reach their target maturity level. This maturity model allows organizations to assess a risk management process according to the best practices defined in risk management references. The maturity model can also be used as a reference for improving this process since it sets a clear path of how a risk management process should be performed.

Details

Database :
OpenAIRE
Journal :
2017 IEEE 19th Conference on Business Informatics (CBI)
Accession number :
edsair.doi...........c79e9898c2c430f13686bd229466139f
Full Text :
https://doi.org/10.1109/cbi.2017.40