Key Risk Indicators. What Are They and Do You Need Them?
Brad Smith
Principal Consultant, Camms
Reading Time : 5 Mins
Published Date : July 30, 2021
Last Updated : January , 11 2022

Many organisations invest significant time and effort in Key Performance Indicators (KPI) to ensure teams are meeting their targets and the organisation is meeting its goals. However, it is less likely that they invest as much effort in identifying and tracking Key Risk Indicators (KRI).

If this rings true for your organisation, you may want to start differentiating between your KPIs and KRIs, so that you can manage your risk exposure more effectively. At a fundamental level, KRIs are measures or metrics that provide an early warning, which can assist an organisation to identify exposure to risk events that may have a negative impact on business performance. In addition to KRIs, you may also derive value from understanding their relationship with Key Control Indicators (KCIs) and Key Performance Indicators (KPIs). Properly defined, these 3 types of indicators can provide the organisation with timely and insightful data to support better decision making and performance.

What’s the Difference between KPI, KRI and KCI?

At a fundamental level, Key Performance Indicators (KPIs) measure that degree to which as result of objective is met, while Key Risk Indicators (KRIs) measure changes to risk exposure. Key Control Indicators (KCIs) measure how well a control is performing in reducing causes, consequences or the likelihood of a risk.

How Do KRIs and KCIs Help An Organisation?

A Risk Bow Tie Analysis is a useful model to assist in the identification of KRIs and KCIs, and to understand their connection to KPIs. The following diagram demonstrates where KRIs and KCIs sit in an analysis of the causes and consequences of a risk event, and how it connects to KPIs.

How to apply kris kcis and kpis to a risk bow tie analysis

Watch our On-Demand Webinar on this subject to see how you can apply this diagram to a simple business example with a clear business objective and a risk event, and discover how KRIs and KCIs can help a business achieve its objectives more efficiently by managing and controlling potential risks.

Steps in Developing and Deploying KRIs

Outlined below are key steps in developing and deploying KRIs in your organisation.

Key Points to Consider when Setting KRIs
  • Quality not quantity is the aim with identifying and tracking KRIs for your business.
  • Focus on the organisation’s high impact/critical risk events, and not everything in the risk register.
  • Identify KRI thresholds and trigger points.
  • Ensure key or critical controls, which have the greatest effect on mitigating causes or reducing consequences have been identified to inform the choice of the right KCIs.
  • Camms.Risk solution supports the 4-step development and deployment of KRIs.

Agility and rapid response are pivotal to risk management. This means moving risks management into a current generation risk software which supports rapid decision making in those areas of the business that are most at risk. Camms.Risk has been designed to deliver on ISO 31000 requirements whilst providing flexibility to capture the organisation’s risk framework settings, KRIs, and end-to-end risk management process.

Key Risk Indicators – What Are They and Do You Need Them?
Risk is an element of every business, and it’s rare to find a business where risk isn’t discussed and monitored...
Register Now
Key Risk Indicators. What Are They and Do You Need Them?
Brad Smith
Principal Consultant, Camms
Key Risk Indicators. What Are They and Do You Need Them?
Key Risk Indicators. What Are They and Do You Need Them?
Get In Touch
Our team is ready and available to support you with any inquiry you may have.
Contact Support
Key Risk Indicators. What Are They and Do You Need Them?