Risk is part and parcel of business, and it’s rare to find a business where risk isn’t discussed and monitored on a regular basis. Key risk indicators (KRIs) should be an integral part of your risk framework and discussions. But what are KRIs and how do they differ from KPIs? In this article, we’ll answer both questions, and explore how you can develop effective KRIs for your organisation.
What are KRIs?
KRIs are indicators or metrics that are used to measure risks that the business is exposed to. Think of KRIs as an early warning system, like an alarm that goes off when the company’s risk exposure exceeds tolerable levels. In this way, KRIs help you to monitor risks and take early action to prevent or mitigate crises.
KRIs should be measurable and quantifiable. Examples might include:
- Financial KRIs: economic downturn, regulatory changes
- People KPIs: high staff turnover, low staff satisfaction
- Operational KPIs: system failure, IT security breach
However, it’s worth noting that the word “key” is important here. KRIs aren’t about monitoring every single risk facing the business. Instead, they focus on the most critical indicators for managing the highest risks – and these will vary from business to business in line with the company’s objectives and priorities. What constitutes a key risk for one business may not be important for another. Or what was a key risk for your business last year may not be a key risk this year, and so on.
How are KRIs related to KPIs?
KRIs and KPIs are closely linked – or they should be. In the average company, they’re often kept very separate. What I find in practice is that companies see performance management (KPIs) and risk management (KRIs) as two very different things. For example, the business may have a risk register that is developed and managed entirely separately from performance indicators.
I think this is the wrong way to go about it. You can’t discuss performance without discussing risk – they’re like two sides of the same coin. It’s therefore important that risk management and performance management are aligned.
Think of it this way:
- KPIs answer the question, “How are we doing against our goals?”
- While KRIs answer the question, “What is the likelihood that we might not achieve our goals?” or, to put it another way, “What might prevent us from achieving our goals?”
You can’t have one without the other if you want to manage both performance and risk effectively.
It’s therefore important to integrate KRIs into your performance management framework by linking KRIs to KPIs. This way, by establishing the right risk indicators for your business and monitoring ongoing performance through related KPIs, you can track performance and risk at the same time in one streamlined process. Risk and performance become properly aligned.
Using KRIs effectively
KRIs must be linked to the company’s strategic priorities, so it all starts with strategy. When I work with a client, we start by identifying the business’s key goals. Then we design KPIs that will monitor performance and tell us whether the business is on track against those goals. We also identify the key risks related to each goal, and design KRIs that can track those risks and act as an early warning system, thereby flagging up when the business is at risk of not achieving its goals.
In this way, each KRI should ideally be linked to a KPI and, in turn, be linked to core strategic goal, priorities and initiatives. This helps to keep the focus on key risks and not every possible risk that the organisation might face.
KRIs should be specific, predictive and easy to quantify through hard numbers, percentages or ratios. In addition, for each KRI, you’ll need to identify the relevant thresholds and trigger points – as in, when should your early warning system go off?
Once you’ve got your KRIs and KPIs in place, you need to monitor and track them regularly. How often will depend on the specific KPI and KRI. Some indicators may need to be monitored in real time, for instance, while others warrant only a quarterly check in. A performance management consultant will help you design the right metrics and monitoring system for your needs.
It’s also a good idea to review KPIs and KRIs regularly in terms of their relevancy to the business. After all, goals and priorities change as a business evolves and this will impact the risk management and performance management metrics that you choose.
Where to go from here
If you would like to know more about KPIs and performance measurement, check out my articles on:
Or browse the KPI Library to find the metrics that matter most to you.