An essential step in improving and applying risk management in companies is to determine whether risk management capabilities already exist and how they are used. The first known maturity model in the field of risk management, the Risk Maturity Model (RMM), was invented by David Hillson in 1997. In this model Hillson describes four levels of maturity, named "Naive", "Novice", "Normalised" and "Natural". Enterprise-wide risk management based on the COSO II framework is not part of this model, although it would be of great importance for profit-oriented management to exploit the synergy potential of those areas of a company in which risk is dealt with. Based on the Capability Maturity Model Integration (CMMI), developed by Carnegie Mellon University, an enterprise-wide risk maturity model (ERM) can be generated that includes all the different areas relevant to risk management. Applying this ERM maturity model enables companies to evaluate individual risk management areas. This approach makes it easier to find sources of error and identify potential for improvement.