Skip to content

Disparate and Disconnected Risk Processes and Information? Solving the Problem with Key Risk Indicators

This is part 4 of our video series on "Disparate and Disconnected Risk Processes and Information". In this video, David Tattam talks about key risk indicators how risk metrics can be used to help create an integrated view of your risks.

Video Transcription:

Hi, I'm David Tattam, Director of Research and Training at the Protecht Group. This is the next in the series of business risk videos. And today we're going to be talking about key risk indicators or risk metrics. For the other videos, check out the links below.

So what exactly are risk metrics? They're really measurable elements, measurable evidence of risk controls as risk and controls operate, develop through the business. It's like thinking that when risk develops, it gives off puffs of smoke, red flags and we're looking out for what are those pieces of information that we can collect and get intelligence from.

What's their purpose, primarily an early warning signal. And the sooner we can get that information, the quicker we can act. And secondly, as part of that, it makes our risk management reporting information more real time.

Process of creating great risk metrics

So what are the bits of the processes around creating great metrics?

  1. Identify the metric

    Firstly is to identify what they are. And for that we really need to understand our risks from beginning to end, from causes, events, impacts and so on. And from there start thinking what would the information be given off if that risk were to develop? If it's a key control indicator, we would be looking at what metrics can we use to measure the performance of the control.

  2. Identify the quality of the metric

    Now the next issue is the quality of the indicator. And for that we look at things such as whether the indicator is leading, we have quite a lot of time to react when we read that indicator. Or is it lagging? Secondly, is it strong or weak in relation to the risk? And thirdly, practical things such as the ease of collection.

  3. Identify the type of the metric

    Now there's really two types of risk indicators metric we can use. The first one is basic, a single piece of information like number of customer complaints. And the more advanced one is when we use composite indicators such as our ratio, number of customer complaints divided by the number of customers, which is a lot more powerful indicator.

  4. Link it to the risks

    Once we've identified the type of indicator we then need to link it to the risks so we can produce that integrated cohesive view of our our risk profile.

  5. Set up the metric

    Now, once we've identified the indicator, when you just set it up. How do we set it up to operate? We need to connect it to a business unit. We need to set thresholds from green to amber, amber to red, so we can report the indicator based on our risk appetite, green, amber and red. Periodicity, what's the frequency? How often will we be collecting the indicators? We then need to assign responsibility for a particular person collecting this information on an ongoing basis. And lastly, work flowing so people get prompted and followed up in order to put this information, if it is manual or if it's interface collecting it automatically.

  6. Collect information about the metric

    Then we obviously need to collect that information on an ongoing basis.

  7. Report

    And once we've got that we're now ready to report. And there's many ways we can report our metrics, but the most obvious one that I'll share with you the best in the world, I would argue, is the cockpit of an aircraft. So fundamentally we're trying to create the cockpit of the business of the organisation.
So please check out our other videos and between now and then take care and hopefully we'll see you soon.

Other videos in this series:

Free Webinar - Watch this and many other webinars - Watch Now

About the author

David Tattam is the Chief Research and Content Officer and co-founder of the Protecht Group. David’s vision is the redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht’s clients. David is the driving force in driving Protecht’s risk thinking to the frontiers of what is possible in risk management and to support the uplift of people risk capability through training and content.