G31000 Risk Management Maturity Model
© G31000 2017 - Good practices in risk management standardization 1
The only ISO 31000 principles-based risk maturity model
Contents
• Why G31000 Risk Maturity Model?
• G31000 Risk Maturity Model structure
• Results of evaluation
• Next steps
The concept of risk management maturity is introduced in ISO31000
• The current management practices and processes of many organizations include components of risk management, and many organizations have already adopted a formal risk management process for particular types of risk or circumstances. In such cases, an organization can decide to carry out a critical review of its existing practices and processes in the light of this International Standard. (Source: ISO31000 Introduction)
• Organizations should develop and implement strategies to improve their risk management maturity alongside all other aspects of their organization. (Source: Chapter 3, Principle K)
G31000 RMM helps organizations assess alignment to ISO31000 principles and current maturity level, and to develop a roadmap for continuous improvement.
Why G31000 Risk Maturity Model?
• Global Institute for Risk Management Standards is a network of over 65,000 risk management experts across the world; more than 1000 of them have been certified as ISO31000 risk professionals
• G31000 Risk Management Maturity Model is the only globally recognized model that has been designed to closely align with the ISO31000:2009 principles
• Focuses not on formal elements of risk management but on the integration of risk management into activities, decision making and culture
• Created by a global team with extensive knowledge in risk management and risk maturity models
• Endorsed by global organizations
G31000 Risk Maturity Model structure (1/2)
• G31000 Risk Management Maturity Model is structured around the ISO31000 principles
• Each of the 11 principles has a set of criteria to test current maturity and identify opportunities for improvement
• The overall scoring system is based on a detailed questionnaire linked directly to identified sub-components of all the principles and is mapped to a 3-level risk maturity scale
• Available for self-assessment or external validation, available in hard copy or electronic form
• Can be applied at any organizational, program, project or subsidiary level
The 3-level maturity scale: Compliance-driven, Structured, Integrated
G31000 Risk Maturity Model structure (2/2)
Each of the 11 principles covers:
▪ Detailed assessment criteria specifically designed for each principle
▪ List of documents to review
▪ List of stakeholders to interview
▪ Sample interview questions related to each principle
▪ Recommendations for the walkthrough
▪ Scoring criteria
▪ Worksheets for comments, maturity assessment and opportunities for improvement
Results of evaluation
• Current state of risk management maturity and alignment with ISO31000 principles
• Identified gaps and opportunities for improvement
• Specific recommendations and action plans to improve risk management practices across the organization or its subsidiaries
• Statement of independent validation of your organization's risk management practices (available for external assessments carried out by G31000 professionals only)
Example of the assessment criteria for one principle at each of the three maturity levels:
C. Risk management is part of decision making

Compliance-driven:
• Risk assessments during decision making are carried out informally or post factum only
• Information about the risks associated with decision-making is suppressed or discussed reluctantly
• Business units rarely act as risk assessment customers during decision-making
• Strategic decisions are made by senior management without any expert risk management opinion

Structured:
• Risk assessments are carried out for some of the most significant strategic decisions; however, this is done ad hoc and often not documented
• Whenever risk assessments for key decisions are done, risk information is communicated to the decision makers timely and in full; however, not all stakeholders may be informed

Integrated:
• Significant strategic and budgetary decisions are made by the management only after analysing the risks associated with these decisions
• Key operating decisions are made only after risk assessments are complete
• Business units, independently or with help from risk management experts, carry out risk assessments for key decisions
• Risk management department is involved in core operational decisions. Risk manager may veto some high-risk decisions
• In situations of high uncertainty, risk management experts, stakeholders and risk owners are involved in the decision-making process
• Decisions are communicated to stakeholders who may be impacted by the risks associated with these decisions
The 11 ISO31000 principles covered by the model:
A. Risk management creates and protects value
B. Risk management is an integral part of all organizational processes
C. Risk management is part of decision making
D. Risk management explicitly addresses uncertainty
E. Risk management is systematic, structured and timely
F. Risk management is based on the best available information
G. Risk management is tailored
H. Risk management takes human and cultural factors into account
I. Risk management is transparent and inclusive
J. Risk management is dynamic, iterative and responsive to change
K. Risk management facilitates continual improvement of the organization
Next steps
Order today to receive a special promotional offer:
1. Hard copy of the G31000 RMM, including postage and handling
2. Electronic copy of the G31000 RMM, including the scoring model (Excel)
3. Complimentary updates of the G31000 RMM for the next 3 years (due to be updated when ISO31000:2018 is published)
4,500 USD
3,000 USD
offer valid until 24 September 2017*
G31000 Middle East
Ersoy Aksoy
+971 4 5590258 (Dubai)
Ersoy.Aksoy@G31000.ae
* The 6th International ISO 31000 conference is scheduled on 24-25 September 2017 in Dubai, UAE. See: https://G31000conference.org/