Many organisations invest significant time and effort in Key Performance Indicators (KPI) to ensure teams are meeting their targets and the organisation is meeting its goals. However, it is less likely that they invest as much effort in identifying and tracking Key Risk Indicators (KRI).
If this rings true for your organisation, you may want to start differentiating between your KPIs and KRIs, so that you can manage your risk exposure more effectively. At a fundamental level, KRIs are measures or metrics that provide an early warning, which can assist an organisation to identify exposure to risk events that may have a negative impact on business performance. In addition to KRIs, you may also derive value from understanding their relationship with Key Control Indicators (KCIs) and Key Performance Indicators (KPIs). Properly defined, these 3 types of indicators can provide the organisation with timely and insightful data to support better decision making and performance.
At a fundamental level, Key Performance Indicators (KPIs) measure that degree to which as result of objective is met, while Key Risk Indicators (KRIs) measure changes to risk exposure. Key Control Indicators (KCIs) measure how well a control is performing in reducing causes, consequences or the likelihood of a risk.
A Risk Bow Tie Analysis is a useful model to assist in the identification of KRIs and KCIs, and to understand their connection to KPIs. The following diagram demonstrates where KRIs and KCIs sit in an analysis of the causes and consequences of a risk event, and how it connects to KPIs.
Watch our On-Demand Webinar on this subject to see how you can apply this diagram to a simple business example with a clear business objective and a risk event, and discover how KRIs and KCIs can help a business achieve its objectives more efficiently by managing and controlling potential risks.
Outlined below are key steps in developing and deploying KRIs in your organisation.
Agility and rapid response are pivotal to risk management. This means moving risks management into a current generation risk software which supports rapid decision making in those areas of the business that are most at risk. Camms.Risk has been designed to deliver on ISO 31000 requirements whilst providing flexibility to capture the organisation’s risk framework settings, KRIs, and end-to-end risk management process.