Written by

Bernard Marr

Bernard Marr is a world-renowned futurist, influencer and thought leader in the fields of business and technology, with a passion for using technology for the good of humanity. He is a best-selling author of 20 books, writes a regular column for Forbes and advises and coaches many of the world’s best-known organisations. He has over 2 million social media followers, 1 million newsletter subscribers and was ranked by LinkedIn as one of the top 5 business influencers in the world and the No 1 influencer in the UK.

Bernard’s latest book is ‘Business Trends in Practice: The 25+ Trends That Are Redefining Organisations’

View Latest Book

How Do You Develop Key Risk Indicators (KRIs)? And how do they differ from KPIs?

2 July 2021

Risk is part and parcel of business, and it’s rare to find a business where risk isn’t discussed and monitored on a regular basis. Key risk indicators (KRIs) should be an integral part of your risk framework and discussions. But what are KRIs and how do they differ from KPIs? In this article, we’ll answer both questions, and explore how you can develop effective KRIs for your organisation.

What are KRIs?

KRIs are indicators or metrics that are used to measure risks that the business is exposed to. Think of KRIs as an early warning system, like an alarm that goes off when the company’s risk exposure exceeds tolerable levels. In this way, KRIs help you to monitor risks and take early action to prevent or mitigate crises.

KRIs should be measurable and quantifiable. Examples might include:

  • Financial KRIs: economic downturn, regulatory changes
  • People KPIs: high staff turnover, low staff satisfaction
  • Operational KPIs: system failure, IT security breach

However, it’s worth noting that the word “key” is important here. KRIs aren’t about monitoring every single risk facing the business. Instead, they focus on the most critical indicators for managing the highest risks – and these will vary from business to business in line with the company’s objectives and priorities. What constitutes a key risk for one business may not be important for another. Or what was a key risk for your business last year may not be a key risk this year, and so on.

How are KRIs related to KPIs?

KRIs and KPIs are closely linked – or they should be. In the average company, they’re often kept very separate. What I find in practice is that companies see performance management (KPIs) and risk management (KRIs) as two very different things. For example, the business may have a risk register that is developed and managed entirely separately from performance indicators.

I think this is the wrong way to go about it. You can’t discuss performance without discussing risk – they’re like two sides of the same coin. It’s therefore important that risk management and performance management are aligned.

Think of it this way:

  • KPIs answer the question, “How are we doing against our goals?”
  • While KRIs answer the question, “What is the likelihood that we might not achieve our goals?” or, to put it another way, “What might prevent us from achieving our goals?”

You can’t have one without the other if you want to manage both performance and risk effectively.

It’s therefore important to integrate KRIs into your performance management framework by linking KRIs to KPIs. This way, by establishing the right risk indicators for your business and monitoring ongoing performance through related KPIs, you can track performance and risk at the same time in one streamlined process. Risk and performance become properly aligned.

Using KRIs effectively

KRIs must be linked to the company’s strategic priorities, so it all starts with strategy. When I work with a client, we start by identifying the business’s key goals. Then we design KPIs that will monitor performance and tell us whether the business is on track against those goals. We also identify the key risks related to each goal, and design KRIs that can track those risks and act as an early warning system, thereby flagging up when the business is at risk of not achieving its goals.

In this way, each KRI should ideally be linked to a KPI and, in turn, be linked to core strategic goal, priorities and initiatives. This helps to keep the focus on key risks and not every possible risk that the organisation might face.

KRIs should be specific, predictive and easy to quantify through hard numbers, percentages or ratios. In addition, for each KRI, you’ll need to identify the relevant thresholds and trigger points – as in, when should your early warning system go off?

Once you’ve got your KRIs and KPIs in place, you need to monitor and track them regularly. How often will depend on the specific KPI and KRI. Some indicators may need to be monitored in real time, for instance, while others warrant only a quarterly check in. A performance management consultant will help you design the right metrics and monitoring system for your needs.

It’s also a good idea to review KPIs and KRIs regularly in terms of their relevancy to the business. After all, goals and priorities change as a business evolves and this will impact the risk management and performance management metrics that you choose.

Where to go from here

If you would like to know more about KPIs and performance measurement, check out my articles on:

Or browse the KPI Library to find the metrics that matter most to you.

Data Strategy Book | Bernard Marr

Related Articles

How To Set SMART Goals To Help You Succeed | Bernard Marr

How To Set SMART Goals To Help You Succeed?

When I work with companies, one of the things I do is help them establish goals that will give them the best possible chance of success [...]

Essex Police: Creating A Strategic ‘Plan on a Page’ To Manage Performance

Essex Police is one of the United Kingdom's largest non-metropolitan [...]

IT KPI Examples: How Do You Measure IT Project Performance?

Many IT objectives relate to projects, whether it is new […]

How Do You Measure Employee Engagement? The Good, The Bad and The Ugly

Few employers would deny that employee engagement is a critical […]

The 3 Biggest Performance Reporting Mistakes – And How to Fix Them

In my experience, lots of performance reporting is done poorly. […]

How to Use KPIs

Many people have heard the acronym KPIs, which stands for […]

Stay up-to-date

  • Get updates straight to your inbox
  • Join my 1 million newsletter subscribers
  • Never miss any new content

Social Media



View Podcasts