GRC Professional - February 2015 Edition | Page 31
SURVEY
THE GRCI RISK MATURITY MODEL
Many risk management teams are under-resourced and the
result is that they are struggling to achieve best practice in
their risk management frameworks. GRC Professional looks at
the results from the GRCI Risk Maturity Model survey.
The failure to embed frameworks fully into the business ties in with the
fact that more than 50% of professionals believe that the risk management
function is under-resourced at their firm.
The GRCI Risk Maturity Model has been developed based on the eleven
ISO 31000:2009 Risk Management Principles. In previous years,
GRCI released the compliance and risk management
benchmarking surveys together as one survey; however, after
consultation with members, it was felt that better analysis would
be provided for members if they were separated going forward.
The purpose of the Maturity Model is:
• To provide a self-evaluation tool to allow
organisations to benchmark their risk
management function(s) against peers
• To highlight and describe best practice and
allow organisations to identify where they could
improve
• To drive improved risk management
performance and, where applicable, as evidence
in requests for more resources
The survey asked for the level of maturity for each
principle.
Results
The results present a broadly positive picture of the
health of the industry, but clearly work needs to be
done. Across the eleven principles, only principle
nine, Risk management is transparent and inclusive,