The BOKRIM Application

The application is a combination of a self-assessment and the Hub.  The objective of the combination is to simplify the complexity of SAM risk management by breaking the process down into readily manageable stages and then illustrating how each stage can be performed.  

First, the assessment captures how an organization is managing each stage.  Then a SAM risk manager or team uses the Hub to explore their practice and control options.

An assessment or a subscription; what is the difference?

  1. An assessment means the organization has access to the application for 30 days.  The cost is $2,500.
  2. A subscription is annual and renewable.  The annual cost is $7,500.

An assessment

An assessment is a snapshot of an organization’s SAM risk management.  An organization typically has a specific objective in mind. 

They may want to:

  1. confirm they are managing SAM risk as well as they believe they are;
  2. test their SAM risk management and identify where they can improve; or
  3. demonstrate to someone, for example, an insurer, that they are managing SAM risk well.

A subscription

A subscription is for organizations that want to be confident they are managing SAM risk well over the long term.   

The length of access means an organization gets to identify, understand, and respond appropriately when SAM, SAM risk, SAM risk management, their organization, or any of their environments change.

A subscription also enables an organization to refresh their SAM risk management rating whenever they want or need to.  This is valuable, given stakeholders are more demanding of reliable and timely SAM risk management information.


Whether you choose the assessment or subscription, everything you disclose in the application or anywhere else on BOKRIM is covered by this mutual non-disclosure agreement between us.  By subscribing to the BOKRIM application, you are agreeing to be bound by this NDA.

The assessment

The assessment is designed to enable a SAM risk manager to record how they are managing their organization’s SAM risk. 

In particular, the objective is not just to record, for example, that an organization is performing background checks but how they are performing background checks – and to record how they determined the approach they have chosen to background checking is appropriate to them.  It is in the deliberations and decisions where SAM or any risk is really managed.

By recording the details of how organizations manage SAM risk, and comparing activity to results over time, SAM risk management itself can, for the first time, be measured.   You can manage and improve what you can measure…  You can identify which practices are most effective and ensure they are used as widely as possible. 

More important, given current practices are evidently not as effective as we would like, we can also investigate new and better practices.

The questions

There are some 500 questions.  Some questions seek data, others yes or no, many are multiple choice, and some are open.  The sum of the questions cover all the SAM risk management practices BOKRIM so far knows about. 

The answers

The multiple-choice answers are, collectively, the sum of all the ways BOKRIM has so far found that each SAM risk management practice can be implemented.   Each answer is scored depending on the perceived efficacy of the practice, based initially on expert opinion.

The Hub

The Hub is designed to enable a SAM risk manager to make well-informed decisions about how to manage their SAM risk.  It is a hub because it brings multiple perspectives to a SAM risk manager.


The primary perspective, initially, is expertise.  Expert opinion has informed the design of the framework, the questions posed and the responses offered in the assessment, and the initial scores given to the answers.

Expertise is also available prospectively.  Experts in SAM, SAM risk, or SAM risk management have tables at the Cafe.  They have agreed to answer questions, partly to make connections with prospective customers for their own businesses but also to help improve the practice of SAM risk management. 


The reason to apply scores to the assessment responses is to datafy the practice of SAM risk management.  Though experts can subjectively measure SAM risk management, datafication enables objective measurement, which in turn is how the most effective SAM risk management practices will eventually be reliably identified.   


The Café serves three purposes.  

First, by making it as easy as possible to collaborate, the Café reinforces one of BOKRIM’s core principles; that effective management of rare risks like SAM is only possible via collaboration.  No single entity can generate enough information on its own to understand the potential frequency, severity, complexity, or dynamism of a rare risk like SAM.

Second, all risk management decisions involve compromise.  No organization has so many resources or is so powerful in its environments that it can dictate how everyone and everything around it happens.  The Café provides SAM risk managers with a forum where experience with how to compromise effectively can be shared.

Third, by providing somewhere for SAM risk managers to ask peers or experts about their most pressing issues, the Café is also designed to form part of the leading edge of the SAM risk management incubation process.  Risk management incubation is the process of addressing the accelerating pace of change and increasing risk, volatility, uncertainty, and risk-related stakeholder expectations.