Key Risk Indicator
Encyclopedia
A Key Risk Indicator, also known as a KRI, is a measure used in management to indicate how risky an activity is. It differs from a Key Performance Indicator (KPI) in that the latter is meant as a measure of how well something is being done while the former is an indicator of the possibility of future adverse impact. KRI give us an early warning to identify potential event that may harm continuity of the activity/project.
KRIs are a mainstay of Operational Risk
analysis.
framework by ISACA,. Key risk indicators are metrics capable of showing that the organization is subject or has a high probability of being subject to a risk that exceed the defined risk appetite
.
Organizations have different sizes and environment. So every enterprise should choose its own KRI, taking into account the following steps:
The constant measure of KRI can bring the following benefits to the organization:
KRIs are a mainstay of Operational Risk
Operational risk
An operational risk is, as the name suggests, a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people, systems and processes through which a company operates...
analysis.
Definitions
According to OECD- A risk indicator is an indicator that estimates the potential for some form of resource degradation using mathematical formulas or models.
Security risk management
According to Risk ITRisk IT
Risk IT provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues.Risk IT was published in 2009 by ISACA...
framework by ISACA,. Key risk indicators are metrics capable of showing that the organization is subject or has a high probability of being subject to a risk that exceed the defined risk appetite
Risk appetite
Risk Appetite is a method to help guide an organisation’s approach to risk and risk management.-Definition:The level of risk that an organisation is prepared to accept, before action is deemed necessary to reduce it...
.
Organizations have different sizes and environment. So every enterprise should choose its own KRI, taking into account the following steps:
- Consider the different stakeholders of the organization
- Make a balanced selection of risk indicators, covering performance indicators, lead indicators and trendsMarket trendA market trend is a putative tendency of a financial market to move in a particular direction over time. These trends are classified as secular for long time frames, primary for medium time frames, and secondary for short time frames...
- Ensure that the selected indicators drill down to the root cause of the events
- Choose high relevant and high probability of predicting important risks:
- High business impact
- Easy to measure
- With high correlation with the risk
- Sensitivity
The constant measure of KRI can bring the following benefits to the organization:
- Provide an early warning: an proactive action can take place
- Provide a backward looking view on risk events, so lesson can be learned by the past
- Provide an indication that the risk appetiteRisk appetiteRisk Appetite is a method to help guide an organisation’s approach to risk and risk management.-Definition:The level of risk that an organisation is prepared to accept, before action is deemed necessary to reduce it...
and tolerance are reached
See also
- [COSO]]
- Enterprise risk managementEnterprise Risk ManagementEnterprise risk management in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives...
- ISACA
- ISO 31000ISO 31000ISO 31000 is intended to be a family of standards relating to risk management codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management...
- Operational riskOperational riskAn operational risk is, as the name suggests, a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people, systems and processes through which a company operates...
- Performance indicator
- Risk appetiteRisk appetiteRisk Appetite is a method to help guide an organisation’s approach to risk and risk management.-Definition:The level of risk that an organisation is prepared to accept, before action is deemed necessary to reduce it...
- Risk ITRisk ITRisk IT provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues.Risk IT was published in 2009 by ISACA...