Scribd
Upload
13 views

INS2016 - Chapter 6

Uploaded by

hoaithuong30042002
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
13 views

INS2016 - Chapter 6

Uploaded by

hoaithuong30042002
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 18

Chapter 6: Key Risk Indicators

Tuan Minh Nguyen


Learning Objectives

• Define key risk indicators


• Practical applications of key risk indicators
• Value of key risk indicators to risk management
• Implementation considerations of key risk indicators
1. Definition of Key Risk Indicators

• A KRI is a measure to indicate the potential presence,


level, or trend of a risk.
• KRIs measure the risk of the “well-being” of an
organization.
• KRIs have predictive value and can act as early warning
signals on the possible changes in an organization’s risk
profile.
1. Definition of Key Risk Indicators
Risk Situation Suggested KRI Measurement
Human Loss of staff
resources

Employee
dissatisfaction
Operation Production of
important product is
unable to keep up
with demand
Existing product
designs are
increasingly outdated
and could result in
declining sales
1. Definition of Key Risk Indicators
Risk Situation Suggested KRI Measurement

Revenues and costs


are not stable

Phishing attacks

High Competition

Credit default risk


1. Definition of Key Risk Indicators

• Characteristics of key risk indicators


• Relevant: helps identify risk that are directly associated with key
business objectives.
• Measurable: quantifiable (a number, percentage, etc.)
• Accurate: it must be applicable to specific risks or to controls that
are deficient
1. Definition of Key Risk Indicators

• Differentiation from Key Performance Indicators


• Key performance indicators (KPIs) are measures that are
focused on performance targets and are based on a wide range of
strategic, tactical, and operational objectives.
• Ex: revenue, or profitability goals, market share, and customer
satisfaction
• KRIs should be “leading indicators”
• KPIs are “lagging indicators”
2. Practical Applications

• KRIs can support strategy and performance in the


following ways:
• Validate organizational planning and monitor performance.
• Enhance operational efficiency and effectiveness.
• Clarify risk-taking expectations.
• Monitor risk exposures.
• Measure risk.
2. Practical Applications

• Validate Organizational Planning and Monitor


Performance
• The development of KRIs helps to better define, and at times
challenge, performance targets and business strategies and
objectives.
• Monitoring KRIs enables the organization to better monitor
performance through the enhanced ability to predict what may
impact performance.
2. Practical Applications

• Enhance Operational Efficiency and Effectiveness


• KRIs can support operational efficiency and effectiveness by
serving as an important input to resource allocation decisions.
• A typical risk prioritization tool consists of two conceptual
components:
• KRIs—leading risk indicators indicative of the level of risk.
• Risk prioritization rules—reflecting how KRIs should be risk scored.
Components include weightings assigned to the KRIs and decision
rules around aggregating risk scores.
2. Practical Applications

• Clarify Risk-Taking Expectations


• By ensuring that KRIs are aligned with the most significant risks,
an organization further clarifies the critical performance areas
that need to be monitored.
• Thresholds and escalation levels relating to KRIs reflect what is
acceptable and not acceptable to management and reflect an
organization’s risk appetite.
2. Practical Applications

• Monitor Risk Exposures


• KRIs provide early warning signals to trigger actions that would
help to prevent or minimize material losses or incidents.
3. Value of KRIs to Risk Management

• Risk appetite: Through the setting of threshold levels


and escalation levels, KRIs support and validate the risk
appetite and risk tolerance levels of an organization.
• Risk identification: KRIs can be set at a continuous
operational mode and can therefore help identify risk on a
more timely basis
3. Value of KRIs to Risk Management

• Risk mitigation: A KRI system involves triggering


investigative and/or corrective action and supports day-to-
day management of the business. Thresholds serve as
controls in constraining activities within limits.
• Risk measurement and reporting: KRIs provide
objective and quantitative risk information.
4. Implementation Considerations

• Obtaining Buy-In
• It is important to understand and to communicate to the
stakeholders the benefits to be gained through KRIs.
• Financial benefit: The use of KRIs can result in improved profitability,
reduced losses or earnings volatility, additional recoveries and/or capital
relief.
• Improved quality: The use of KRIs can positively impact service delivery,
social responsibility, customer service, and/or reputation.
• Satisfied people: The use of KRIs can lead to better alignment of
resources and skills, and more balanced workload.
4. Implementation Considerations

• Lack of Resources and Skills


• Organizations may find that they lack the resources and skills to
develop and implement a KRI framework.
• Organizations should leverage internal knowledge and engage
management who understands the business and the risks, as well
as technical experts in the area of risk management and KRIs, to
help identify KRIs.
4. Implementation Considerations

• Data and Technology Challenges


• The effectiveness of using specific KRIs is dependent on the
availability and integrity of data needed to provide the trend analyses.
• Assess the need for a tool to collect, calculate, monitor, and maintain
KRIs for cost-effectiveness purposes.
4. Implementation Considerations

• Sustainability of the KRI Framework


• KRIs need to be continuously reviewed to provide ongoing value.
• Changes in the environment, the organization’s business and
operations, risks and data sources can change the relevance of
specific KRIs at any point in time.

You might also like