About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
SOLI 2010
Conference paper
A practitioner's tool for enterprise risk management capability assessment
Abstract
In this paper, we present a method and a tool to assess the maturity of an enterprise's capability to manage its risks. Akin to the software capability model we rate a firms' risk management capability on a scale from one-to-five. Gaps between the bottom-up reported capabilities and the top-down perceived capabilities, as well as the gaps between organizations are highlighted and provide a useful reality-check for companies in their quest to improve their enterprise risk management (ERM) capabilities and processes. Through an explicit association of ERM capabilities with the organization's business strategy, we provide a more focused assessment and pinpointing of hotspots. The method presented in this paper is supported by a practitioner tool that is currently being piloted in a large IT consulting organization. © 2010 IEEE.