Key Risk Indicators What Are They and Do You Need Them?
Brad Smith
Principal Consultant
Reading Time: 5 Mins Date: July 30, 2021
Many organisations invest significant time and effort in Key Performance Indicators (KPI) to ensure teams are meeting their targets and the organisation is meeting its goals. However, it is less likely that they invest as much effort in identifying and tracking Key Risk Indicators (KRI).
Many organisations invest significant time and effort in Key Performance Indicators (KPI) to ensure teams are meeting their targets and the organisation is meeting its goals. However, it is less likely that they invest as much effort in identifying and tracking Key Risk Indicators (KRI).
If this rings true for your organisation, you may want to start differentiating between your KPIs and KRIs, so that you can manage your risk exposure more effectively. At a fundamental level, KRIs are measures or metrics that provide an early warning, which can assist an organisation to identify exposure to risk events that may have a negative impact on business performance. In addition to KRIs, you may also derive value from understanding their relationship with Key Control Indicators (KCIs) and Key Performance Indicators (KPIs). Properly defined, these 3 types of indicators can provide the organisation with timely and insightful data to support better decision making and performance.
At a fundamental level, Key Performance Indicators (KPIs) measure that degree to which as result of objective is met, while Key Risk Indicators (KRIs) measure changes to risk exposure. Key Control Indicators (KCIs) measure how well a control is performing in reducing causes, consequences or the likelihood of a risk.
How Do KRIs and KCIs Help an Organisation?
A Risk Bow Tie Analysis is a useful model to assist in the identification of KRIs and KCIs, and to understand their connection to KPIs. The following diagram demonstrates where KRIs and KCIs sit in an analysis of the causes and consequences of a risk event, and how it connects to KPIs.
Image 1: How to apply KRI’s, KCI’s and KPI’s to a Risk Bow-tie Analysis
Watch our On-Demand Webinar on this subject to see how you can apply this diagram to a simple business example with a clear business objective and a risk event, and discover how KRIs and KCIs can help a business achieve its objectives more efficiently by managing and controlling potential risks.
Steps in Developing and Deploying KRIs
Outlined below are key steps in developing and deploying KRIs in your organisation.
Identification
Selection
Reporting
Actions
Key Points to Consider When Setting KRIs
Quality not quantity is the aim with identifying and tracking KRIs for your business.
Focus on the organisation’s high impact/critical risk events, and not everything in the risk register.
Identify KRI thresholds and trigger points.
Ensure key or critical controls, which have the greatest effect on mitigating causes or reducing consequences have been identified to inform the choice of the right KCIs.
Camms.Risk solution supports the 4-step development and deployment of KRIs.
Agility and rapid response are pivotal to risk management. This means moving risks management into a current generation risk software which supports rapid decision making in those areas of the business that are most at risk. Camms.Risk has been designed to deliver on ISO 31000 requirements whilst providing flexibility to capture the organisation’s risk framework settings, KRIs, and end-to-end risk management process.
*Source: Australian Government | Department of Finance (2016)