The new risk management standard ANSI/ASSE Z690.2 (identical to ISO 31000) now allows an organization of any size and business activity to assess the maturity and adequacy of its risk management system (RMS). Many organizations currently have at least informal management practices and processes which include the fundamental components of risk management as detailed in Z690.2. However, confidence and assurance that those practices and processes are adequate, mature, and effective is often lacking. Even if an organization has not already adopted a formal risk management process for particular types of risk or business circumstances, it can and should decide to carry out a regular critical review of its existing RM practices and processes in the light of the new standard's requirements.
This paper details how assessment tools are constructed and used to review, assess, or even audit how well the organization conforms to or complies with the standard, thereby providing a measure of the maturity and adequacy of the organization's own system. The process is best called a Conformity Assessment.