Defining Risk Management Capabilities And How Risk Maturity Model

1998 Words8 Pages
This essay would start by defining risk management capability and how risk maturity model can be used to assess and enhanced an organisation risk management capability. Then it will go on and discuss the importance of enterprise risk management and discuss the role of chief executive risk officer. It is important to know how to define risk management capability. (Hillson, 1997) developed a risk maturity model for organisation to assess their current maturity, identifying new ways of improvement of risk management capability. There are four levels of risk maturity which are Naïve (level 1), Novice (level 2), Normalised (level 3) and Natural (level 4). The description of risk management maturity level are as follow. Naïve : "Unaware of the…show more content…
External parties might not be welcome as there are no record of success to compare with since there was not any proper risk management in place before. (Hopkinson,2011) added that 'level 2 does not set a particularly demanding standard. ' It requires creating value greater than the cost of implementing the risk management process. Advancing from level 2 to level 3 requires using a risk register. 'The Risk Register is a tool to assist Project Managers in identifying likely sources of risk and the impact they may have on achieving objective. ' (Government office from the North West,2008). The first step is a brainstorm session to identify risk that may affect the project. It is important that the risks are clearly defined so that the risk is understood clearly and can be tackled. Secondly, consequence and probability of risks need to be rated (e.g. 1-5) and define each rating by their impact or likelihood. Finally, multiply the ratings of consequence and impact, rank the risks from highest severity to lowest severity. (Government office from the North West,2008). Every risks should be assigned to a risk owner which is responsible for managing the risk, a risk response to minimise both the likelihood and impact of the risk and a target completion date for the mitigation. Regular risk reviews need to be done because risks might emerge or become no longer relevant constantly. However, the impact
Open Document