Key Risk Indicators (KRIs) are measurable values that provide early warning signals of increasing risk exposures in an organisation. They help monitor conditions that are to be reviewed by a risk assessor when assessing a risk which may be impacted by a related KRI trend. By tracking KRIs regularly, organisations can take proactive steps to mitigate risks, support decision-making, and strengthen overall risk management frameworks.
KRI Register
KRIs are created and maintained via a dedicated table as explained in this article.
They can be used to keep track of a wide variety of indicative values. Here are a couple of examples to illustrate the concept:
- A KRI "Aging Accounts Receivable" is tracked monthly to indicate the percentage of Aged Debt > 90 days. This is linked to a "Bad Debt" risk, which will be assessed with a higher likelihood score if the KRI value measured has increased since the previous assessment.
- A KRI "ERP System Uptime" is tracked regularly to indicate the uptime percentage of a critical ERP system. This is linked to a "IT Critical Systems Availability" risk, which will be assessed with a higher likelihood score if the KRI value measured has decreased since the previous assessment.
Other examples might include Staff Turnover Rate, Number of Customer Complaints, Product Returns, Average Rainfall.
KRI Tracking
KRI values are recorded on a regular basis, at a frequency that makes sense for the respective KRI (such as monthly). For this purpose KRI Tracking records are created in the system as explained in this article.
Linking KRIs to Risks Categories and Risks
Each Risk Category defined in the system can be linked to multiple KRIs to indicate that these are relevant to the Risk Category. This effectively creates a subset of KRIs, which in turn can be browsed when editing a Risk record, to pick those KRIs that are relevant to the Risk.
KRI Reporting
The system provides KRI reporting to visualise KRI values over time, which will be rated as Red-Amber-Green based on thresholds defined for the KRI. For the KRI examples given above, the charts produced might look like this:
These would be reviewed by risk assessor for any risks that are linked to these KRIs, to inform their risk assessment.