Italian National Institute of Statistics (ISTAT)

ISTAT has developed a model that considers all components of the framework and risk management process described in the guidelines; each component is articulated on 4 levels that represent the specific maturity level, based on the statements deriving from the analysis of the practices collected through the surveys and from the comparison among the most relevant international risk management standards.

Some descriptors have been made up for the purpose of illustrating in greater detail the different topics connected to the core areas. These allow the items to be allocated among four maturity levels characterized by reference to attributes / performance indicators, consisting of potential / typical features.

The grid highlights, for each descriptor reflecting the extent to which each risk management competency or capability is defined and controlled, three elements or Reading-keys used both in the survey design and in the processing phase:

1. Risk rationalities (processes) that corresponds to the organizations’ efforts to translate uncertainty into manageable and communicable conceptualization of risks, and the definitions of activities and tasks to deal with them.
2. Uncertainty experts (roles) that refers to the actors - their experience, background and interactions -, organizational units or structures to which the organization assigns the responsibility for risk management.
3. Technologies (support)  that denotes the complex sets of practices, procedures and tools enacted to accomplish the management and control of risks.

Coherently with this framework, core areas / items are graded using a four-point scale, designed taking into account that each maturity level is a defined position in an achievement hierarchy establishing the attainment of certain risk management capabilities.