Skip to main content
Enterprise Risk Management (ERM) maturity assessments are great... until they're not. In this post, we examine the issues with most ERM maturity assessments and explain how Origami Risk's ERM assessment breaks from the status quo.

It’s easy to see the appeal of a tool that asks you a few questions about your ERM program and then gives you customized information based on your answers.

Like taking your car to a mechanic, they’d look at a few key areas and explain just what your options are for fixing or improving things. Living in the post-2020 era has only made this kind of diagnosis even more valuable due to:

  • Increased pressure from leadership to make ERM more strategic/relevant
  • Difficulty in moving from wherever you are, to whatever the next level might be
  • Lack of consensus on what a “win” looks like for an ERM program

There are a wide number of maturity assessment tools out there, which initially seem like a logical first step. Figure out where your program stands and get advice on how to move forward. The problem is that most of these tools fail to actually provide that kind of deliverable — something relevant to your specific situation, and pointing you to the next appropriate steps.

Two critical flaws

Most program assessments have flaws that limit how useful they can be. First, they ignore the risk culture within the organization. Your ERM program itself may be highly mature, but if the organization doesn’t value the outputs (or even know what exactly to do with them) there is a hard cap on how successful that program can ultimately be. Unfortunately, most maturity assessments completely ignore this factor (or any factor beyond maturity).

Secondly, many of these tools assume a certain level of infrastructure is already in place for the program. Their “lowest” level may assume risk assessments are already going out consistently and a thorough risk library has been built. Obviously, this leaves behind all of the organizations who may not have those processes in place, or are questioning if they built them correctly.

Maturity assessments the Origami way


Our new maturity assessment tool produces a different end result because it was designed differently. It tracks multiple factors (including those related to risk culture) to provide a more rounded picture of where your organization stands. It even compares your scores to the average of all respondents, allowing you to see an instant benchmark of how you stack up in multiple dimensions.

Beyond that, it produces a personalized PDF with content driven by your responses. No generic responses that may be overly broad and not apply to your organization’s specific situation. You answer a few simple questions, the assessment calculates multiple scores, and then provides a customized response based on each of those factors. Much more practical and relevant.

Change is always hard. Trying to improve (or start building) a successful ERM program is no different. We designed this tool to deal with that reality, sidestep the two biggest flaws found in most assessments, and fuel the first steps toward improvement. And if you decide to use the results to help build a next-level attack plan (or plan on how to get started), we can help with that too.

See for yourself how the Origami Risk ERM Maturity Assessment differs from the rest.