What makes a good key risk indicator?



How do you know you’ve selected the right key risk indicators for your organization? Here’s what makes a good KRI.

Key risk indicators (KRIs) help with monitoring and controlling risk. They link back to your operational risk management activities and processes, including risk identification; risk and control assessments; and the implementation of risk appetite, risk management, and governance frameworks.

Basically, a risk indicator can be any metric used to identify your risk exposure over time. It becomes a KRI when it tracks an important risk, or does so especially well because of its predictive value.

So when you look down at your list of KRIs, how do you know if they’re actually any good? A good key risk indicator has a number of characteristics. Ideally you want the indicator/data to be:

  • Relevant: helps identify, quantify, monitor, or manage risk and/or risk consequences that are directly associated with key business objectives/KPIs.
  • Measurable: quantifiable (a number, percentage, etc.), is reasonably precise, comparable over time, and meaningful without interpretation.
  • Predictive: can predict future problems that management can preemptively act on.
  • Easy to monitor: simple and cost effective to collect, parse, and report on.
  • Auditable: you can verify the way you sourced, aggregated, and reported it.
  • Comparable: something you can benchmark, both internally and to industry standards, so you can verify the indicator thresholds.

If you’ve put a checkmark beside each of the characteristics above, then congratulations! You’ve got yourself some fine KRIs.

Now what? Selecting and building alignment around which KRIs are right for your organization is only the first step. Developing a sustainable, durable, and accurate measurement of the KRIs is the second step, not to mention the ongoing communication you need within your organization.

White paper:

KRI Basics

What you’ll learn:

  • The different kinds of indicators, what they measure, their purpose, and audience
  • How KRIs fit into a greater risk management program
  • How to select your own KRIs, including a worksheet
  • And how to ensure your KRI program is scalable and sustainable

Download IT governance version

Download financial institution version

Related Articles


Galvanize is now part of Diligent.

To stay up to date on the latest product offerings, research and GRC resources please visit or to login to your Galvanize products please visit www.diligent.com

Visit Diligent Login