An ERM Maturity Model

In recent years, Enterprise Risk Management (ERM) has emerged as a new risk management technique aimed at managing the portfolio of risks facing an organization in an integrated, enterprise-wide manner. Unlike traditional risk management, where individual risk categories are managed from a silo-based perspective, ERM involves a holistic view of risks allowing businesses to take into account correlations across all risk classes. The academic literature on ERM is focused on two main aspects: the analysis of the factors that influence ERM adoption and its effects on firms’ performance. No studies have been conducted yet to propose robust and rigorous models to evaluate the quality, or maturity, of ERM programs implemented by firms. The aim of the research described in this paper is to fill this gap in the literature. To build a rigorous ERM maturity model, we have run an e-mail Delphi procedure involving a panel of worldwide experts on ERM who reached their consensus on the selection of a set of ERM best practice parameters, which are used to develop a structured questionnaire to be administered to firms. Expert consensus is also obtained on the scales and the scores for each questionnaire answer option. The output of the Delphi method is a scoring model that can be used to assess the maturity of an ERM program by administering a questionnaire composed of 22 closed-end questions to firms: Answers are collected and scored, and all scores are combined in a single final score, the ERM Index (ERMi). Finally, the robustness of the model has been tested on a small sample of firms. We foresee two different uses of the ERMi maturity model, one by scholars for further quantitative research on ERM topics, and one by practitioners, as ERMi is suitable to be used by firms for a self-assessment of their ERM programs (internal use) and by consultancy firms, auditors, and rating agencies (external use). The difference with other existing maturity models is its solid scientific base, the rigor with which it has been designed, and the fact that it is derived from a Delphi procedure involving leading ERM experts who reached consensus on the model detailed design.