Marshall Toburen

Does the World Need Another Maturity Model?

Blog Post created by Marshall Toburen Employee on May 6, 2015

A quick Google search on the words “Maturity Model” returned over 6 million results, with at least 22,000 results relating to the just recently released “RSA Archer Maturity Models”!


Yep, RSA Archer has released maturity models around each of its core solutions: Operational Risk Management, IT Security Risk Management, Regulatory and Corporate Compliance, Business Resiliency, Third Party Governance, and Audit Management.


We believe that it is important for our customers to understand the full capabilities of our solutions, to exploit them in a manner that brings the greatest efficiency and value to their organization.  Generally, this means enabling the progression of an organization from a siloed, compliance orientation to an advantaged, opportunity focused orientation.  This progression enhances an organization’s “risk intelligence”, helping them to make better and faster decisions about risk that strengthens their competitiveness, and increases the likelihood that they will achieve their mission and objectives without experiencing nasty surprises along the way.


In my last blog I discussed the breadth of Operational Risk events today based on an analysis of litigation volume and insurance premiums.  At the rate things are going, it’s unlikely we’re going to see a big drop in Operational Risk Events any time soon.  That is why there is still the need for another maturity model.  Organization’s still have a need to better manage Operational Risk.


There are four key capabilities integral to a successful OpsRisk program:


• Establishing the scope and context for ORM

• Identifying and Assessing Op Risks

• Making Decisions about Operational Risks and Treating the Risks; and

• Reporting On and Monitoring Operational Risks


The RSA Archer Operational Risk Management Maturity Model is designed to help organizations enable these key capabilities to their fullest using the RSA Archer Operational Risk Management Solution.


So, if you want to better understand what an Advantaged implementation of GRC looks like, please contact us to conduct a Maturity assessment.  To learn more about our maturity models, check out our Maturity Model White Papers.