How Do You Develop Key Risk Indicators (KRIs)? And how do they differ from KPIs?
2 July 2021
Risk is part and parcel of business, and it’s rare to find a business where risk isn’t discussed and monitored on a regular basis. Key risk indicators (KRIs) should be an integral part of your risk framework and discussions. But what are KRIs and how do they differ from KPIs? In this article, we’ll answer both questions, and explore how you can develop effective KRIs for your organisation.
What are KRIs?
KRIs are indicators or metrics that are used to measure risks that the business is exposed to. Think of KRIs as an early warning system, like an alarm that goes off when the company’s risk exposure exceeds tolerable levels. In this way, KRIs help you to monitor risks and take early action to prevent or mitigate crises.
KRIs should be measurable and quantifiable. Examples might include:
- Financial KRIs: economic downturn, regulatory changes
- People KPIs: high staff turnover, low staff satisfaction
- Operational KPIs: system failure, IT security breach
However, it’s worth noting that the word “key” is important here. KRIs aren’t about monitoring every single risk facing the business. Instead, they focus on the most critical indicators for managing the highest risks – and these will vary from business to business in line with the company’s objectives and priorities. What constitutes a key risk for one business may not be important for another. Or what was a key risk for your business last year may not be a key risk this year, and so on.
How are KRIs related to KPIs?
KRIs and KPIs are closely linked – or they should be. In the average company, they’re often kept very separate. What I find in practice is that companies see performance management (KPIs) and risk management (KRIs) as two very different things. For example, the business may have a risk register that is developed and managed entirely separately from performance indicators.
I think this is the wrong way to go about it. You can’t discuss performance without discussing risk – they’re like two sides of the same coin. It’s therefore important that risk management and performance management are aligned.
Think of it this way:
- KPIs answer the question, “How are we doing against our goals?”
- While KRIs answer the question, “What is the likelihood that we might not achieve our goals?” or, to put it another way, “What might prevent us from achieving our goals?”
You can’t have one without the other if you want to manage both performance and risk effectively.
It’s therefore important to integrate KRIs into your performance management framework by linking KRIs to KPIs. This way, by establishing the right risk indicators for your business and monitoring ongoing performance through related KPIs, you can track performance and risk at the same time in one streamlined process. Risk and performance become properly aligned.
Using KRIs effectively
KRIs must be linked to the company’s strategic priorities, so it all starts with strategy. When I work with a client, we start by identifying the business’s key goals. Then we design KPIs that will monitor performance and tell us whether the business is on track against those goals. We also identify the key risks related to each goal, and design KRIs that can track those risks and act as an early warning system, thereby flagging up when the business is at risk of not achieving its goals.
In this way, each KRI should ideally be linked to a KPI and, in turn, be linked to core strategic goal, priorities and initiatives. This helps to keep the focus on key risks and not every possible risk that the organisation might face.
KRIs should be specific, predictive and easy to quantify through hard numbers, percentages or ratios. In addition, for each KRI, you’ll need to identify the relevant thresholds and trigger points – as in, when should your early warning system go off?
Once you’ve got your KRIs and KPIs in place, you need to monitor and track them regularly. How often will depend on the specific KPI and KRI. Some indicators may need to be monitored in real time, for instance, while others warrant only a quarterly check in. A performance management consultant will help you design the right metrics and monitoring system for your needs.
It’s also a good idea to review KPIs and KRIs regularly in terms of their relevancy to the business. After all, goals and priorities change as a business evolves and this will impact the risk management and performance management metrics that you choose.
Where to go from here
If you would like to know more about KPIs and performance measurement, check out my articles on:
- What is a Leading and a Lagging Indicator?
- What is the Difference between Key Performance Indicators (KPIs) and Critical Success Factors (CSFs)?
- How Many Strategic Goals Should a Company Have?
Or browse the KPI Library to find the metrics that matter most to you.
15 Habits To Achieve A Better Work-Life Balance In Today’s Fast-Paced World
Our world is unpredictable and changing fast. Technology brings new challenges and, very often, pressure to be constantly connected.[...]
The Future Of Business: 8 Trends For Startups To Watch
Change and transformation in business continue at a furious rate, and new trends pose opportunities and challenges for organizations of all sizes.[...]
The Power of Mindset: How Curiosity And Humility Can Drive Career Success
I’ve recently finished writing a book on essential future skills, and if I had to pick one skill that underpinned all the other skills in the book it’d be curiosity.[...]
How To Upgrade From Data-Driven To AI-Driven Marketing Analytics
We’re told that data is the key to business success. But how do we go about turning data into money?[...]
The 5 Biggest Problems With Blockchain Technology Everyone Must Know About
Blockchain technology has undeniably captured the imagination of the tech world and beyond, offering the promise of decentralized, transparent, and tamper-proof systems.[...]
How to Make AI Work in Your Organization
As the world continues to embrace the transformative power of artificial intelligence, businesses of all sizes must find ways to effectively integrate this technology into their daily operations.[...]
- Get updates straight to your inbox
- Join my 1 million newsletter subscribers
- Never miss any new content