Enterprise Risk Management
Maturity Assessments

Improve the efficiency and effectiveness of your ERM program.

GRF’s enterprise risk management approach is rooted in strengthening the link between risk and strategy. We review existing ERM initiatives to identify opportunities for organizations to enhance and get more value out of their current ERM efforts.

About ERM Maturity Assessments

We help organizations reorient more traditional risk management programs with a compliance or loss-prevention focus to better align with their strategy and support their mission. We go beyond benchmarking to provide a detailed path forward that is customized for an organization’s goals, needs, structure, and culture.

GRF uses the Capability Maturity Model* to benchmark risk management processes on a 5-point scale from “ad-hoc” to “optimized.”

We provide a detailed assessment of current strengths to build on and areas requiring improvement. We can benchmark against international (ISO 31000) or U.S. standards (COSO) or our proprietary model blending both sets of standards with nonprofit best practices.

*Developed by Carnegie Mellon University


At the end of a GRF maturity assessment, organizations receive a detailed roadmap to help them achieve their ERM objectives. GRF’s recommendations are actionable and customized to leverage an organization’s strengths and to address short-term and long-term priorities for all elements of the assessment.


  • Objective Setting
  • Internal Context
  • Risk Identification
  • Risk Analysis
  • Risk Evaluation
  • Risk Treatment
  • Monitoring and Review
  • Communication and Consultation

Explore ERM Resources

Go To Resources

Enterprise Risk Management Services

Go To Services Page

Talk to a GRF Expert

Contact Us