Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Key risk indicator
open-in-new
<h2 id="definitions">Definitions</h2> <p>According to <a href="/facts/OECD/CI9W2zGv">OECD</a><a class="footnote-ref" id="fnref:1" href="#fn:1"><sup>1</sup></a> </p> <i>A risk indicator is an indicator that estimates the potential for some form of resource degradation using mathematical formulas or models.</i> <h2 id="risk-management">Risk management</h2> <h3>Security risk management</h3> <p>According to <a href="/facts/Risk_IT/8FXbrg06">Risk IT</a> framework by <a href="/facts/ISACA/WScgn3jM">ISACA</a>,<a class="footnote-ref" id="fnref:2" href="#fn:2"><sup>2</sup></a> key risk indicators are metrics capable of showing that the organization is subject or has a high probability of being subject to a risk that exceed the defined <a href="/facts/Risk_appetite/hqn7DrhT">risk appetite</a>. </p><p>Organizations have different sizes and environment. So every enterprise should choose its own KRI, taking into account the following steps: </p> <ul><li>Consider the different stakeholders of the organization</li> <li>Make a balanced selection of risk indicators, covering <a href="/facts/Performance_indicator/qVbntaF8">performance indicators</a>, lead indicators and <a href="/facts/Market_trend/5C1BeRrp">trends</a></li> <li>Ensure that the selected indicators drill down to the root cause of the events</li> <li>Choose high relevant and high probability of predicting important risks: <ul><li>High business impact</li> <li>Easy to measure</li> <li>With high correlation with the risk</li> <li>Sensitivity</li></ul></li> <li>Determine thresholds and triggers for the set of KRI's</li> <li>Locate and fold in data sources that contribute or feed data into KRI triggers</li> <li>Determine notification methods, recipients, and action or response sequences</li></ul> <p>The constant measure of KRI can bring the following benefits to the organization: </p> <ul><li>Provide an early warning: a proactive action can take place</li> <li>Provide a backward looking view on risk events, so lesson can be learned by the past</li> <li>Provide an indication that the <a href="/facts/Risk_appetite/hqn7DrhT">risk appetite</a> and tolerance are reached</li> <li>Provide real time actionable intelligence to decision makers and risk managers</li></ul> <p>Advances in hosted cloud data storage, data federation, and data aggregation have enabled data supply chains for real time calculation of key risk indicators across heretofore unlinked or disconnected data sources. Risk level dashboards can be supplemented with real time push notifications of risk. Systems methods and tools addressing triggering of notifications when targets are attained for key risk indicators have been evolving. Calculating and enabling notifications of key risk indicators used to be a unique benefit of enterprise software packages. With the evolution of API's to calculate trigger values for key risk indicators across various data sources, the potential for risk managers to include data external to an enterprise or external to an enterprise database has changed the risk management landscape. </p> <h2 id="qualities-of-good-key-risk-indicators">Qualities of good key risk indicators</h2> <p>Some qualities of a good key risk indicator include:<a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a> </p> <ul><li>Ability to measure the right thing (e.g., supports the decisions that need to be made)</li> <li>Quantifiable (e.g., damages in dollars of profit loss)</li> <li>Capability to be measured precisely and accurately</li> <li>Ability to be validated against ground truth, and <a href="/facts/Confidence_interval/NS8mG5UE">confidence level</a> one has in the assertions made within the framework of the metric</li> <li>Comparability Over Time and Business Units</li> <li>Assessment of Risk Owners’ Performance</li></ul> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/Committee_of_Sponsoring_Organizations_of_the_Treadway_Commission/eSYqds99">Committee of Sponsoring Organizations of the Treadway Commission</a></li> <li><a href="/facts/Enterprise_risk_management/2RHayMua">Enterprise risk management</a></li> <li><a href="/facts/ISO_31000/5DErxQSI">ISO 31000</a></li></ul> <h2 id="external-links">External links</h2> <ul><li> Data related to Key risk indicator at Wikidata</li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>OECD Glossary of statistical terms <a href="http://stats.oecd.org/glossary/detail.asp?ID=2360" target="_blank">http://stats.oecd.org/glossary/detail.asp?ID=2360</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"ISACA THE RISK IT FRAMEWORK (registration required)" (PDF). Archived from the original (PDF) on 2010-07-05. Retrieved 2010-12-13. <a href="https://web.archive.org/web/20100705110913/http://www.isaca.org/Knowledge-Center/Research/Documents/RiskIT-FW-18Nov09-Research.pdf" target="_blank">https://web.archive.org/web/20100705110913/http://www.isaca.org/Knowledge-Center/Research/Documents/RiskIT-FW-18Nov09-Research.pdf</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>Sheldon, Abercrombie, & Mili (2009). "Methodology for Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission". 2009 42nd Hawaii International Conference on System Sciences. Vol. 42nd Hawaii International Conference on, Big Island, HI. pp. 1–10. CiteSeerX 10.1.1.502.6181. doi:10.1109/HICSS.2009.308. ISBN 978-0-7695-3450-3.{{cite book}}: CS1 maint: multiple names: authors list (link) <a href="978-0-7695-3450-3" target="_blank">978-0-7695-3450-3</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> </ol>