Abstract
A common challenge in life is to evaluate and deal with risks. Even though Risk management is fundamental to any activity, it is too often evaluated and managed from a qualitative rather than a quantitative perspective. In order to improve, too often organizations are seeking compliance against a single model/approach, forgetting that most often 'one model doesn't fit all' and that the target process model is the organizational one, strengthened by external best practices. An approach to process improvement that takes this into consideration is LEGO (Living EnGineering prOcess). LEGO extracts the most useful Elements of Interest (EoI) from several types of maturity models into an organizational Business Process Model (BPM) in order to facilitate to the achievement of higher organizational maturity and capability levels, that's the definitive intended target to be improved. This paper applies the LEGO approach to Risk Management, analyzing several Risk Management Maturity Models and unifying their practices in order to come up with a more comprehensive process model on risk management integrating multiple views.