Cripes! How long have we known of, and not delivered on, the value of KRIs? Whether reporting to the Audit and Risk Committee (ARCs) or to the full Board KRIs should add plenty of extra value. This is what I wrote in a LinkedIn post in 2016 with a few minor edits.
I am interested to hear your thoughts on the efficacy of KRIs. Do you use them in a formal sense? How do you use them, for example as part of your risk appetite process or framework? What has changed since using them?
In my world I have whittled the KRI picture at the enterprise level down to this:
The board and leadership team set the direction for the organisation along with specific objectives. These should have KPIs.
The board and leadership team then set a risk appetite for each objective. Each has KRIs.
Think of it like this. KPIs are indicators of what has happened over the last quarter as far as the objective is concerned while the KRIs are indicators of what may happen to the KPIs for the objective in the next quarter or in the quarters to follow.
If you do this your KRIs are aligned to what matters to management and will deliver value to the organisation as they are early warning indicators of future performance.
Having said that, KRIs need to be designed well. Seek quality, not quantity – which measure or mix of measures tells 80% of the story? KRIs should be drawn from the strategic risk profile of each of the strategic objectives. They should be monitored, calibrated and changed if they are not providing early warning.
For those who are looking into KRIs I hope these tips help. For those using them, I would love to get your thoughts, in particular I would love to hear your success stories. Just hit ‘reply’ to this email.
The other place you should go for tips on KRIs is the RMIA’s ERM Course IN PERSON next week (see below) or my book Risky Business: How Successful Organisations Embrace Uncertainty. See Chapter 9: Reading the Signals for identifying them and Chapter 10: Quantifornication for how to measure KRIs appropriately.