ERM Program Maturity Assessment Answer the questions below about your enterprise risk management program. All questions are required. When you submit, you’ll see your Organizational Appetite, Organizational Capacity, and your ERM maturity segment. Q1. Do risk management policies reinforce the risk culture and support a common understanding of how the organization manages risk? Choose one option. Yes – well established and embedded in the organization Somewhat – some areas have documented risk management polices No – risk management policies are not established Q2. Do you have a risk register (list) established that reflects a cross-functional perspective on risk? Choose one option. Yes Limited (only for some areas) No Q3. Do you manage risk centralized, decentralized, or ad hoc? Choose the option that best describes your organization. Centralized Decentralized – use consistent scoring methodology Decentralized – use individual scoring methods Ad hoc Q4. Does your organization have clear ownership and accountability for risks? Choose one option. Yes Somewhat – depends on the risk No Q5. Are identified risks connected to organizational strategic objectives? Choose one option. Yes Sometimes No Q6. Does the board visibly support the ERM program? Choose one option. Yes On limited occasions No Q7. Are the highest impact risk areas driving management decisions? Choose one option. Yes Sometimes No Q8. How often are ERM results shared with leadership or the board? Choose one option. Regularly Ad hoc Not at all Q9. Are you identifying emerging risks in a timely manner? Choose one option. Yes Somewhat No Q10. How are you managing risks today? Choose one option. Using a software system Spreadsheets/online documents We aren’t documenting risks yet Q11. Do you have a cadence for risk assessments? Choose one option. Yes for all Yes for critical risks No Q12. Which choice best reflects your organization’s scoring methodology Choose one option. We don’t have one/not sure Multiply Impact and Likelihood Includes factors beyond impact and likelihood (like velocity and preparedness) Q13. Do you have dedicated ERM personnel? Choose one option. Yes Some, but not enough No Q14. Is there an established and approved budget for implementing and ERM solution? Choose one option. Yes Not sure No Q15. Which departments besides risk management are involved with ERM? (check all that apply) Enter the number of departments (besides risk management) that are actively involved in ERM. Number of departments Q16. Does your team have time and resources to mitigate inherent risk? Choose one option. Yes Somewhat – only for critical risks No Q17. Do you currently invest in 3rd party resources (consulting, subscriptions, paid training) to assist with risk management? Choose one option. Yes Would if we had budget No See My ERM Maturity Your ERM Maturity Results Based on your responses, here’s how your ERM program scores today. Organizational Appetite Organizational Capacity Overall Maturity Segment Description Key Opportunity How Origami Risk Can Help Request a demo Enterprise risk management programs evolve over time, but it’s not always clear where yours stands or where to focus next. This short assessment can help you evaluate your ERM program across two critical dimensions: organizational appetite and organizational capacity. In just a few minutes, you’ll receive a clear view of your current ERM maturity, along with practical insights into your biggest opportunities to strengthen risk oversight, decision-making, and resilience.