A risk indicator can be any metric used to identify your risk exposure over time. But how do you know you’ve selected the right ones for your organisation?
Key risk indicators (KRIs) facilitate the monitoring and control of risk. They link back to your operational risk management activities and processes, including risk identification; risk and control assessments; and the implementation of risk appetite, risk management, and governance frameworks.
Basically, a risk indicator can be any metric used to identify your risk exposure over time. They become KRIs when they track an especially important risk, or do so especially well because of their predictive value.
So when you look down at your list of KRIs, how do you know if they’re any good?
Good KRIs share a number of characteristics.
- Relevant: the indicator/data helps identify, quantify, monitor or manage risk and/or risk consequences that are directly associated with key business objectives/KPIs.
- Measurable: the indicator/data is able to be quantified (a number, percentage, etc.) and is reasonably precise, comparable over time, and is meaningful without interpretation.
- Predictive: the indicator/data can predict future problems that management can preemptively act on.
- Easy to monitor: the indicator/data should be simple and cost effective to collect, parse, and report on.
- Auditable: you should be able to verify your indicator/data, the way you sourced it, aggregated it, and reported on it.
- Comparable: it’s important to be able to benchmark your indicator/data, both internally and to industry standards, so you can verify the indicator thresholds.
If you’ve put a checkmark beside each of the characteristics above, then congratulations! You’ve got yourself some fine KRIs.
But selecting and building alignment around which KRIs are right for your organization is only the first step. Developing a sustainable, durable, and accurate measurement (as well as ongoing communication) of the KRIs is the second step.