Table 1
Risk Management Maturity Models.
Table 3
Mode and normalization of the answers.
Table 4
RM3 maturity levels gaps.
Table 5
Results and sensitivity analysis.
1. Upper management actively takes part in risk activities, supports and encourages risk management.
2. Risk management capacity assessments are carried out for each new project in the organization.
3. Risk management information distributed and communicated to all project participants within the organization.
4. Risk management tools and techniques (i.e. FMEA, Preliminary Risk Analysis-PRA, Brainstorming, SWOT) are integrated and used in projects.
5. Resources are dedicated to projects in accordance with the severity of risk events identified.
6. There is a build-up of trust within the organization and project teams in relation to risk management.
7. Frequently, team members take risk ownership during project implementation.
8. Responsibilities for managing risks are distributed and carried out by all team members.
9. Risk events are openly communicated within the organization.
10. Risk management is widely accepted and practiced in all levels within the organization.
11. Potential risks are identified each time for new projects.
12. A systematic identification method (i.e. FMEA, Preliminary Risk Analysis-PRA, Brainstorming, SWOT) is used to ensure major risks are identified.
13. Information on risks identified is processed, grouped, and communicated to all project participants.
14. Risks identified are consistently revised and reevaluated throughout the project process.
15. Actual risks found are compared against initially identified risks.
16. All project participants are capable of basic risk analysis skills such as qualitative or quantitative analysis.
17. The likelihood of occurrence and magnitude of impacts of a risk is thoroughly assessed upon identification.
18. Qualitative and/or quantitative risk analysis tools and applications are used to assess identified risks.
19. After analyzing the analytical results of risks identified, it is used to aid in decision-making for risk responses.
20. The results of risk analysis are used as a basis for resource allocation and distribution to projects.
21. Risks are consistently identified, analyzed, responded to, and continuously monitored throughout the project life cycle.
22. The flow of risk management information is passed on and communicated throughout the entire project life cycle.
23. Risk management processes are woven into the daily business processes of the organization.
24. A standardized risk management process is applied to all projects within the organization.
25. The risk management process is reviewed frequently to ensure the process is effective.