Assess your company’s risk maturity level

Thursday, September 23, 2010 | Posted by: Simon Lowe

Our recent business risk report shows widespread complacency in company risk management processes. Check the risk maturity of your organisation by answering the following set of questions.


  • Have you assessed your risk appetite in determining the business model?
  • Is the board active in risk management?
  • Do the right people have ownership of your risks?

Risk strategy and policies

  • Do your risk processes add value to the business?
  • Has risk management been embedded in the business?
  • Are risk systems integrated with business processes?


  • Are the right people involved in risk management?
  • Is there a common awareness of risk throughout the business?


  • Are you confident that you have identified and are managing your main risks?
  • Do you utilise robust models to quantify and score risks?
  • Is this consistently applied?

Assess your risk maturity

These suggested questions come from Grant Thornton's experts on the areas of risk management and aim to help you to discuss and assess the quality of your risk management framework. We measure this against five levels of risk maturity:

  • Risk Naive – No formal approach developed for risk management.
  • Risk Aware – Scattered silo based approach to risk management.
  • Risk Defined – Strategy and policies in place and communicated.
  • Risk Managed – Enterprise-wide approach to risk management developed and communicated.
  • Risk Enabled – Risk management and internal control fully embedded in the operations.

Download the risk equation report

A new risk equation? Safeguarding the business model is available for download. Written in collaboration with the Economist Intelligence Unit, it canvassed 465 senior managers (more than half at C-level) between Oct 2009 and April 2010 to review their risk management practices and considers how they may fare in the future.