Protecht.ERM Showcase: Manage all your risks with an easy to use and configurable system (Thu 27/08 10am BST)
Register Now

This is part 4 of our video series on "Disparate and Disconnected Risk Processes and Information". In this video, David Tattam talks about key risk indicators how risk metrics can be used to help create an integrated view of your risks.

KRI - Business Stream - Edited

Video Transcription:

Hi, I'm David Tattam, Director of Research and Training at the Protecht Group. This is the next in the series of business risk videos. And today we're going to be talking about key risk indicators or risk metrics. For the other videos, check out the links below.

So what exactly are risk metrics? They're really measurable elements, measurable evidence of risk controls as risk and controls operate, develop through the business. It's like thinking that when risk develops, it gives off puffs of smoke, red flags and we're looking out for what are those pieces of information that we can collect and get intelligence from.

What's their purpose, primarily an early warning signal. And the sooner we can get that information, the quicker we can act. And secondly, as part of that, it makes our risk management reporting information more real time.

Process of creating great risk metrics

So what are the bits of the processes around creating great metrics?

  1. Identify the metric

    Firstly is to identify what they are. And for that we really need to understand our risks from beginning to end, from causes, events, impacts and so on. And from there start thinking what would the information be given off if that risk were to develop? If it's a key control indicator, we would be looking at what metrics can we use to measure the performance of the control.

  2. Identify the quality of the metric

    Now the next issue is the quality of the indicator. And for that we look at things such as whether the indicator is leading, we have quite a lot of time to react when we read that indicator. Or is it lagging? Secondly, is it strong or weak in relation to the risk? And thirdly, practical things such as the ease of collection.

  3. Identify the type of the metric

    Now there's really two types of risk indicators metric we can use. The first one is basic, a single piece of information like number of customer complaints. And the more advanced one is when we use composite indicators such as our ratio, number of customer complaints divided by the number of customers, which is a lot more powerful indicator.

  4. Link it to the risks

    Once we've identified the type of indicator we then need to link it to the risks so we can produce that integrated cohesive view of our our risk profile.

  5. Set up the metric

    Now, once we've identified the indicator, when you just set it up. How do we set it up to operate? We need to connect it to a business unit. We need to set thresholds from green to amber, amber to red, so we can report the indicator based on our risk appetite, green, amber and red. Periodicity, what's the frequency? How often will we be collecting the indicators? We then need to assign responsibility for a particular person collecting this information on an ongoing basis. And lastly, work flowing so people get prompted and followed up in order to put this information, if it is manual or if it's interface collecting it automatically.

  6. Collect information about the metric

    Then we obviously need to collect that information on an ongoing basis.

  7. Report

    And once we've got that we're now ready to report. And there's many ways we can report our metrics, but the most obvious one that I'll share with you the best in the world, I would argue, is the cockpit of an aircraft. So fundamentally we're trying to create the cockpit of the business of the organisation.
So please check out our other videos and between now and then take care and hopefully we'll see you soon.

Other videos in this series:

Free Webinar - Watch this and many other webinars - Watch Now

Featured Articles

feature image

Managing Risk and Compliance in a COVID-19 World

This is the time for a well-developed, well-embedded and well-operated enterprise risk management framework and processes. It is not a time to throw away risk management thinking. It is a time to bring it into action.
feature image

Redefining Risk - Never Look at Risk the Same Way Again

What was once a backstage concern must now play a leading role. The reality is, if you want to be better as a company, you need to get better at taking risks.

Get practical resources in your inbox every month.

Thought leadership content on risk management, governance and compliance.

Subscribe Now

Related Articles

feature image
Risk Management Framework, Internal Auditors, Risk Professionals, Compliance Professionals, Health & Safety Managers, Protecht.ERM

Take a new look at risk with Protecht.ERM 9.0

The release of version 9.0 sees a brand new layout, making it easier for you to use and navigate Protecht.ERM like never before. And with our new...
Read more
feature image
Key Risk Indicators, Risk Management Framework

Some features of the Protecht.ERM 8.4 release.

In this short video, Peter Walker, Chief Technology Officer at Protecht, gives a quick overview of  some of the new features that the development...
Read more
feature image
ERM, Risk Assessment, Risk Management Software, Videos, Risk Management Framework, Webinars

Protecht.ERM System Demo APAC -Recording

Enterprise Risk Management = Integrated Risk Management in Protecht.ERM This event was done live on 10 September 2019. Access the recording here. In...
Read more