An ERM Maturity Model

ERM Symposium 2013 Monograph

Posted: 10 Jan 2013 Last revised: 27 Sep 2014

See all articles by Barbara Monda

Barbara Monda

RiskGovernance - Politecnico di Milano, Management, Economics and Industrial Engineering Department

Marco Giorgino

Polytechnic University of Milan

Date Written: January 10, 2013


In the recent years, Enterprise Risk Management (ERM) has emerged as a new risk management technique aimed to manage the portfolio of risks that faces an organization in a integrated, enterprise-wide manner. Unlike traditional risk management, where individual risk categories are managed from a silo-based perspective, ERM involves an holistic view of risks allowing to take into account correlations across all risk classes.

The academic literature on ERM is focused on two main aspects: the analysis of the factors that influence ERM adoption and its effects on firms performances. No studies have been conducted yet to propose robust and rigorous models to evaluate the quality, or maturity, of ERM programs implemented by firms. The aim of the research described in this paper is to fill this gap in the literature. In order to build a rigorous ERM maturity model, we have run an e-mail Delphi procedure involving a panel of worldwide experts on ERM and reached their consensus on the selection of a set of ERM best practice parameters, which are used to develop a structured questionnaire to be administered to firms. Experts consensus in obtained also on the scales and the scores for each questionnaire answer option. The output of the Delphi method is a scoring model that can be used to assess the maturity of an ERM program by administering a questionnaire composed of 22 closed-end questions to firms: answers are collected and scored, and all scores are combined in a single final score, the ERM Index (ERMi). The robustness of the model has finally been tested on a small sample of firms.

We foresee two different uses of the ERMi maturity model, one by scholars for further quantitative research on ERM topics, and one by practitioners, as ERMi is suitable to be used by firms for a self-assessment of their ERM programs (internal use), and by consultancy firms, auditors and rating agencies (external use). The difference with other existing maturity models is its solid scientific base, the rigour with which it has been designed and the fact that it is derived from a Delphi procedure involving leading ERM experts who reached consensus on the model detailed design.

Keywords: Enterprise Risk Management, maturity model, Delphi method

JEL Classification: G32

Suggested Citation

Monda, Barbara and Giorgino, Marco, An ERM Maturity Model (January 10, 2013). ERM Symposium 2013 Monograph, Available at SSRN: or

Barbara Monda (Contact Author)

RiskGovernance - Politecnico di Milano, Management, Economics and Industrial Engineering Department ( email )

Piazza Leonardo da Vinci, 32
Milano, 20133


Marco Giorgino

Polytechnic University of Milan ( email )

vial Lambruschini 4B
Milan, Milan 20156

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics