Keywords: maturity models, pervasiveness, risk culture, risk behaviour, enterprise risk management, organisational culture, organisational maturity, organisational risk capability
Risk management pervasiveness and organisational maturity: a critical review
Implementing risk management remains a significant challenge for many organisations. In order to help address this issue, risk management maturity models have become an important tool for improving and assessing organisational risk capability. In this paper, we present a critical review of the existing literature on risk management maturity models. Drawing on existing theory, we challenge current conceptions of organisational culture and reveal assumptions that are commonly implied but rarely acknowledged. We offer a new conception of organisational risk management maturity that takes into consideration both the extent to which risk behaviour is coordinated across the whole organisation and the depth to which risk management is embedded in its' culture. Our aim in producing a theoretically informed conceptualisation of risk maturity is to help provide explanation, synthesis and cohesion in a fragmented field and to help make risk maturity research more relevant and valuable to risk practitioners.