Research Information System
SUSTAINABILITY, vol.18, no.1929, pp.1-21, 2026 (SCI-Expanded, SSCI, Scopus)
This study proposes and pilots a COSO-2017-based enterprise risk management (ERM) maturity index informed by the use of strategic management tools (SMTs) to benchmark strategic risk management capability in service organizations. Using secondary SMT usage data extracted from seven Turkish graduate theses (eight organizations in hotels and hospitals), we computed overall and component-level maturity scores on a standardized 0–1 scale. The average ERM maturity was 0.52 (medium), with stronger Governance and Culture (0.56) than Performance (0.48) and Information, Communication and Reporting (0.51), indicating persistent gaps in risk-to-metrics translation and reporting infrastructures. Hotels exhibited higher maturity than hospitals (0.575 vs. 0.49), and private hospitals outperformed public hospitals (0.57 vs. 0.41). The index illustrates a replicable benchmarking approach to identify capability gaps and prioritize ERM improvements—particularly strengthening KRIs, performance feedback loops, and data-enabled reporting that are central to resilience- and sustainability-oriented decision-making.