This is part 4 of our video series on "Disparate and Disconnected Risk Processes and Information". In this video, David Tattam talks about key risk indicators how risk metrics can be used to help create an integrated view of your risks.

KRI - Business Stream - Edited

Video Transcription:

Hi, I'm David Tattam, Director of Research and Training at the Protecht Group. This is the next in the
series of business risk videos. And today we're going to be talking about key risk indicators or risk
metrics. For the other videos, check out the links below.

So what exactly are risk metrics? They're really measurable elements, measurable evidence of risk controls as risk and controls operate, develop through the business. It's like thinking that when risk develops, it gives off puffs of smoke, red flags and we're looking out for what are those pieces of information that we can collect and get intelligence from.

What's their purpose, primarily an early warning signal. And the sooner we can get that information, the quicker we can act. And secondly, as part of that, it makes our risk management reporting information more real time.

Process of creating great risk metrics

So what are the bits of the processes around creating great metrics?

  1. Identify the metric

    Firstly is to identify what they are. And for that we really need to understand our risks from beginning to end, from causes, events, impacts and so on. And from there start thinking what would the information be given off if that risk were to develop? If it's a key control indicator, we would be looking at what metrics can we use to measure the performance of the control.

  2. Identify the quality of the metric

    Now the next issue is the quality of the indicator. And for that we look at things such as whether the indicator is leading, we have quite a lot of time to react when we read that indicator. Or is it lagging? Secondly, is it strong or weak in relation to the risk? And thirdly, practical things such as the ease of collection.

  3. Identify the type of the metric

    Now there's really two types of risk indicators metric we can use. The first one is basic, a single piece of information like number of customer complaints. And the more advanced one is when we use composite indicators such as our ratio, number of customer complaints divided by the number of customers, which is a lot more powerful indicator.

  4. Link it to the risks

    Once we've identified the type of indicator we then need to link it to the risks so we can produce that integrated cohesive view of our our risk profile.

  5. Set up the metric

    Now, once we've identified the indicator, when you just set it up. How do we set it up to operate? We need to connect it to a business unit. We need to set thresholds from green to amber, amber to red, so we can report the indicator based on our risk appetite, green, amber and red. Periodicity, what's the frequency? How often will we be collecting the indicators? We then need to assign responsibility for a particular person collecting this information on an ongoing basis. And lastly, work flowing so people get prompted and followed up in order to put this information, if it is manual or if it's interface collecting it automatically.

  6. Collect information about the metric

    Then we obviously need to collect that information on an ongoing basis.

  7. Report

    And once we've got that we're now ready to report. And there's many ways we can report our metrics, but the most obvious one that I'll share with you the best in the world, I would argue, is the cockpit of an aircraft. So fundamentally we're trying to create the cockpit of the business of the organization.
So please check out our other videos and between now and then take care and hopefully we'll see you soon.

Next steps

See how you can create and use risk metrics to track your overall risk management efforts by learning more about what makes them great. Click below to register to our live webinar:

Other videos in this series:

ASIC Report Whitepaper: A Regulatory Spotlight on Non-Financial Risk
Whitepaper

A Regulatory Spotlight on Non-Financial Risk

Download Now

Related Articles

feature image
Risk Management Framework Internal Auditors Risk Professionals Compliance Professionals Health & Safety Managers Protecht.ERM

Take a new look at risk with Protecht.ERM 9.0

The release of version 9.0 sees a brand new layout, making it easier for you to use and navigate Protecht.ERM like never before. And with our new...
Read more
feature image
Key Risk Indicators Risk Management Framework

Some features of the Protecht.ERM 8.4 release.

In this short video, Peter Walker, Chief Technology Officer at Protecht, gives a quick overview of  some of the new features that the development...
Read more
feature image
ERM Risk Assessment Risk Management Software Videos Risk Management Framework Webinars

Protecht.ERM System Demo APAC -Recording

Enterprise Risk Management = Integrated Risk Management in Protecht.ERM This event was done live on 10 September 2019. Access the recording here. In...
Read more