Organizations cannot survive risks unless the management has an insight into the underlying or impending threats. An early warning system is indispensable for any business because it will identify new risks and keep track of the existing risk status. This allows the formulation of effective risk mitigation plans.
Key risk indicators (KRIs) play an important role here; they are a measurement method used to identify the possible emergence of a risk.
How do KRIs function?
Risk managers analyse the causes of significant risks to the business and then create a repository of risk indicators designed to highlight if any of the identified causes has emerged or are emerging in the business. Such an indicator is linked to a specific risk to expose its variation in frequency, or impact of the imminent risk event, and measure its severity.
Why does an organization require KRIs?
It is a powerful tool used by risk managers and the management in general to tackle risks. KRIs help in providing:
- Quantifiable early-warning signals
- Timely monitoring of potential or emerging risks
- Sufficient time for preparing risk mitigation programs
- Clear perspective into an organization’s risk position
- Better insight into risks and controls
- Awareness on risk patterns and trends
KRIs can be extremely useful for creating an effective enterprise risk management system; but here are a few common mistakes that need to be avoided when building risk indicators:
Risk events of low frequency
Developing KRIs is a matter of skill and expertise. Indicators should be based on specific risks that the organization, industry or domain is exposed to. Basically, the more customized the KRIs, the better they function for the organization. With focus being higher on personalizing risk indicators, organizations tend to ignore risk events with low probability of occurrence. That is a drawback to overcome.
Poorly defined KRIs
Another slip-up often found while generating risk indicators is the lack of consistency and standardization followed by members involved in collecting and aggregating KRI data. The KRI measurement approach should project uniformity in order to retain objectivity and avoid “noise” in the final decision-making process.
The strength of impact
Risk managers should consider not just the probability of occurrence, but also the consequences of risk events while developing risk indicators.
For building effective KRIs, one should have in-depth perception of risks. KRIs should reflect the potential root causes of events and high risk levels. At the same time, it should be aligned with objectives of the organization and requirements of the company’s stakeholders.
Maher has more than 10 years of experience working in the fields of Banking and Auditing.Before joining Grant Thornton, he was an Audit manager with Deloitte & Touche specializing in Financial Institutions audits.
Maher has 1 1/2 years of experience working in Deloitte & Touche LLP – USA. He conducted Internal Audit and Due Diligence assignments for a number of well-known companies in Jordan and USA.He has also participated in implementing and testing Sarbanes Oxley requirements for SEC companies.
Since Joining GT in 2008, Maher has supervised a number of Internal Audit Assignments for well known organisations in the region
Latest posts by Maher (see all)
- The Significance, Benefits and Pitfalls of Key Risk Indicators - January 10, 2015
- Are Risk Management Measurements and Metrics Important? - June 25, 2014
- Taking Finance & Banking to the Cloud – ORM Software for Banking Industry - May 25, 2014