A key risk indicator (KRI) is a measure used in management to indicate how risky an activity is. This page is summary excerpts from Wikipedia / Key risk indicator.
Contents:
- What is a KRI?
- What are KRI examples?
- What is the best KRI?
- How can a KRI help?
- What makes a good KRI?
- How to handle KRI?
- Links
A key risk indicator (KRI) is a measure used in management to indicate how risky an activity is.
Key risk indicators are metrics used by organizations to provide an early signal of increasing risk exposures in various areas of the enterprise. It differs from a key performance indicator (KPI) in that the latter is meant as a measure of how well something is being done while the former is an indicator of the possibility of future adverse impact.
KRI give an early warning to identify potential event that may harm continuity of the activity/project.
KRIs are a mainstay of operational risk analysis.
Key risk indicators for finance:
-
letters of intent (LOI) such as unbooked dollar value ($)
-
value at risk (VaR) such as investment dollar value ($)
Key risk indicators for marketing:
-
customer complaints (CC) such as incident count (#) for previous N days
-
net detractor score (NDS) such as measured per user cohort
Key risk indicators for operations:
-
unplanned unavailability (UU) such as incident count (#) for previous N days
-
mean time to recovery (MTTR) such as for the previous N incidents
Key risk indicators for queues, pipelines, funnels, processes, etc:
-
σ: dropout rate
-
ε: error ratio
Organizations have different sizes and environment.
So every enterprise should choose its own KRI, taking into account the following steps:
-
Consider the different stakeholders of the organization
-
Make a balanced selection of risk indicators, covering performance indicators, lead indicators and trends
-
Ensure that the selected indicators drill down to the root cause of the events
-
Choose high relevant and high probability of predicting important risks: high business impact, easy to measure, high correlation with the risk, and sensitivity.
-
Determine thresholds and triggers for the set of KRI's
-
Locate and fold in data sources that contribute or feed data into KRI triggers
-
Determine notification methods, recipients, and action or response sequences
The constant measure of KRI can bring the following benefits to the organization:
-
Provide an early warning: a proactive action can take place
-
Provide a backward looking view on risk events, so lesson can be learned by the past
-
Provide an indication that the risk appetite and tolerance are reached
-
Provide real time actionable intelligence to decision makers and risk managers
Qualities of good key risk indicators:
-
Ability to measure the right thing (e.g., supports the decisions that need to be made)
-
Quantifiable (e.g., damages in dollars of profit loss)
-
Capability to be measured precisely and accurately
-
Ability to be validated against ground truth, and confidence level one has in the assertions made within the framework of the metric
Management selects a risk response strategy for specific risks identified and analyzed, which may include:
-
Avoidance: exiting the activities giving rise to risk
-
Reduction: taking action to reduce the likelihood or impact related to the risk
-
Alternative Actions: deciding and considering other feasible steps to minimize risks
-
Share or Insure: transferring or sharing a portion of the risk, to finance it
-
Accept: no action is taken, due to a cost/benefit decision
Monitoring is typically performed by management as part of its internal control activities, such as review of analytical reports or management committee meetings with relevant experts, to understand how the risk response strategy is working and whether the objectives are being achieved.
Wikipedia:
