Risk Maturity Model

The concept of risk management maturity is introduced in ISO 31000:

"The current management practices and processes of many organizations include components of risk management, and many organizations have already adopted a formal risk management process for particular types of risk or circumstances. In such cases, an organization can decide to carry out a critical review of its existing practices and processes in the light of this International Standard."
(Source: ISO 31000 Introduction)

"Organizations should develop and implement strategies to improve their risk management maturity alongside all other aspects of their organization."
(Source: Chapter 3 Principle K)

The G31000 Risk Maturity Model helps organizations assess their alignment with ISO 31000 principles and their current maturity level, and develop a roadmap for continuous improvement.

Why G31000 Risk Maturity Model?

Global Institute for Risk Management Standards is a network of over 65,000 risk management experts across the world; more than 1000 people have become ISO 31000 certified risk professionals.

G31000 Risk Management Maturity Model is the only globally recognized model that has been designed to closely align with the ISO 31000:2009 principles.

It focuses not on formal elements of risk management but on the integration of risk management into activities, decision making and culture.

It was created by a global team with extensive knowledge in risk management and risk maturity models.

It is endorsed by global organizations.

G31000 Risk Maturity Model structure

G31000 Risk Management Maturity Model is structured around the ISO 31000 principles.

Each of the 11 principles has a set of criteria to test current maturity and identify opportunities for improvement.

The overall scoring system is based on a detailed questionnaire linked directly to identified sub-components of all the principles and is mapped to a 3-level risk maturity scale.

It is available for self-assessment or external validation, in hard-copy or electronic form.

It can be applied at any organizational, program, project or subsidiary level.

Each of the 11 principles covers:

  • Detailed assessment criteria specifically designed for each principle.
  • List of documents to review.
  • List of stakeholders to interview.
  • Sample interview questions related to each principle.
  • Recommendations for the walkthrough.
  • Scoring criteria.
  • Worksheets for comments, maturity assessment and opportunities for improvement.
  • Compliance-driven
  • Structured
  • Integrated

Special promotional offer

Order today to receive a special promotional offer


Complimentary updates of the G31000 RMM for the next 3 years.

Electronic copy

Electronic copy of the G31000 RMM including the scoring model (Spreadsheet).

Hard copy

Hard copy of the G31000 RMM, including postage and handling.

G31000 Risk Institute has developed a Risk Management Maturity Model (RMM) for organizations that seek to improve the quality of risk management and decision making across the organization. The G31000 RMM has been significantly updated to align with the new ISO 31000:2018 version. It provides guidelines, benchmarking and assessment criteria and can be used by the risk management function, the internal audit function, external consultants and the Board.

Who can use the maturity model?

The G31000 Risk Management Maturity Model can be used by any public, private, governmental or community enterprise, association, group or individual.

It can be used in a self-assessment or a detailed benchmarking activity by an independent assessor to determine the current state of risk management and assist in identifying key areas for improvement for progress to the next level of maturity.

This model is not specific to any industry or sector and can be applied to any type of risk, whatever its nature and whether it would have positive or negative consequences, or a combination of both.

The model can be applied throughout the life of an organization and to a wide range of activities within an organization.

What is G31000 Risk Management Maturity Model?

The G31000 Risk Management Maturity Model is designed to assist organizations on the road to embedding risk management into all activities throughout the organization, including decision-making. It defines key levels of maturity against which an organization can measure its current status and identify actions for continual improvement. G31000 RMM can be used to:

  • benchmark current risk management practices
  • develop an implementation strategy, a roadmap or an action plan for managing risk as part of all activities
  • help identify potential gaps or misalignments with the ISO 31000:2018 standard
  • provide targeted guidance around one or more specific elements of risk management

Advantages of the G31000 Risk Maturity Model

  • The G31000 Risk Management Maturity Model has been developed by a team of experts with complementary backgrounds, including internal audit, knowledge management, project management, performance management, decision-making theories, human factors, management system standards and their integration.
  • The development of the G31000 Risk Management Maturity Model is based on the content of the international ISO 31000:2018 risk management standard and driven by consensus. The electronic version can be downloaded for a fee and is accessible to anyone without restriction. Organizations can use the downloadable model for detailed self-assessment or engage G31000 members to conduct the review. As it is based on evidence, the subjectivity of the reviewer or the user is reduced and comparable results can be collected.
  • Can be used as a self-assessment tool by the in-house risk management or internal audit team.
  • An external independent gap analysis of current risk management practices can be conducted by an Approved or Certified ISO 31000 Lead Assessor, under the auspices of G31000 Risk Institute. Consulting services are designed to provide reasonable assurance that risk management practices are aligned with the purpose and principles outlined in the ISO 31000 risk management standard.

Open for member comments

G31000 is now open for comments from G31000 members. Become a full member to contribute and receive a free copy of the G31000 Risk Management Maturity Model.

