About Key Risk Indicators (KRI)
- KRI is a metric that provides information on the level of exposure to a given operational risk which the organization has at a particular point in time. They can be measured in terms of percentages or numbers.
- KRIs are measures that enable risk managers to identify potential losses before they happen. KRI’s must regularly be monitored, and reported to organisation’s management so that they are informed to take informed strategic decisions. The primary role of a KRI is to track trends over a period of time, these trends are then converted into early warning signals.
- Once the KRIs are selected, the management defines the thresholds basis which the risk mitigation plans will be triggered.
- KRIs are an important tool within risk management and are used to enhance the monitoring and mitigation of risks and facilitate risk reporting
Key Characteristics of Effective KRIs
Types of KRIs
- Leading KRIs : These KRIs are measures that are considered predictive in nature. They are derived from metrics that can help to forecast future occurrences.
- Lagging KRIs : These KRIs are metrics based on historical measures. These help to identify trends in the firm.
Advantages of KRIs
- Enhanced understanding of risk dynamics: Defining and monitoring KRIs provides a deeper insight into the key threats to the organization
- Proactive risk strategies: With a greater understanding of the risk dynamics the management team can define more accurate methods to assess and minimize potential risks
- Well Defined Risk tolerance levels: Using KRIs, the management can define the company’s tolerance threshold and the risk limits that trigger a corrective action
- Deeper insight into past and emerging risk trends:Periodic and regular monitoring of KRIs provides the organisation with a more accurate view of the risk trends. These might be used to determine which activities or business lines are more vulnerable and need further monitoring, as well as new opportunities for growth.
Examples of KRIs
- System Availability – Up Time
- Total number of service request opened
- Percentage of Requests Not Resolved within SLA
- Capacity Management – Number of Instances Where Systems Exceeded Capacity Requirements
- Percentage of System/Application Unplanned Downtime
- Percentage of Changes Considered Emergency Changes
- Percentage of IT Projects Delayed
- Percentage of IT Projects That Exceeded Budget
- Total Number of IT Assets Current Not in Use
- Average Page Load Time
Compliance Testing and Substantive Testing in Audits