Operational risk management

Easily identify, measure, control and monitor the operational risks of your organization→


security risks

Ensures the confidentiality, integrity and availability of your information assets →



Keep track of all regulations and regulations that your organization must comply with →


Anti-Money Laundering

Easily identify, establish controls, and monitor AML risks→



Improve your internal audit processes, support regulatory compliance, and generate value for your organization through continuous improvement →

What will you learn? Learn with our experts about critical topics on Risk Management that will be useful in your daily work.

Piraní Academy

What is a key risk indicator (KRI)?

written by Juan Pablo Calle, On October 08, 2019

What is a key risk indicator (KRI)?

Key Risk Indicators, or KRIs, are metrics used to determine the potential for an eventual risk and to take timely action.

KRIs serve as a kind of alarm that warns when something is not working the way it should. For example, a decrease in demand that impacts sales.

There are different types of indicators. While KPIs focus on historical data, KRIs, or key risk indicators, focus on forecasting what might happen. This means that they help to anticipate future problems and opportunities, based on the observation of trends that may affect an organization.

Although there are many reasons to use indicators, it is important to incorporate them in the management process because they provide useful information on the potential risks that can impact a company's strategic objectives.

In this sense, risk indicators provide information that is vital to achieving strategic goals. Therefore, the design of a good risk indicator begins with organizational objectives.

This relationship between objectives and core strategies helps to identify the most relevant information that can be used to recognize emerging risks.

How to develop a risk indicator

A useful method for developing a KRI is to analyze a risk event that has affected the organization in the past or even in the present. Then, by observing from present to past, intermediate events are identified until the root cause that generated the loss is found.

The closer the KRI is to identifying the ultimate cause of a risk event, the easier it will be to take timely action. They are therefore an integral part of the risk monitoring process.

How to develop a risk indicator

In the above outline, the timeline starts with a root cause. An intermediate event, which can serve as a key risk indicator, is then reached. This works as a sort of chain of events leading up to the beginning.

The risk manager can use this analysis to monitor and propose mitigation strategies. That way, you can start to reduce the impact of a risk, even before it occurs.

Therefore, it is useful to have a key risk indicator related to past events, i.e., root causes that precede intermediate events, as the latter do not allow enough time to take timely action.

Sources of information for creating risk indicators

There are several sources from which KRIs can be extracted. On the one hand, there are external data, such as customer or industry financial reports, as well as economic indicators.

On the other, there are internal data, such as price trends, labor issues, company capacity, and other KRIs that can provide useful data to anticipate potentially damaging events.

In the internal data collection process to create KRIs, key people across the organization should be involved, since they are the ones who have the capacity to determine the intermediate events and the root causes in each of the company's units or processes. This ensures that the main risks are not ignored.

In order to develop effective KRIs, it is important for the people involved to be aligned. Therefore, it is essential to define a single criterion regarding the definition of the individual data to be collected. If there is no such integration, there is likely to be a lack of elements for decision-making.

As a starting point, it may be useful to ask questions such as: what and how will it be measured, how will each customer be weighted, should the size of the customer be considered, can the risk situation occur in more than one business unit?

Of course, internal information sources are easier to obtain, but the most significant impacts can come from external sources: changing economic conditions, changing interest rates, or new legal or regulatory requirements.

These external sources can be beneficial in identifying potential risks that the organization is not aware of. In this sense, balance sheet or external audit publications, as well as conversations with stakeholders can provide relevant data on the problems they face and how they resolve them.

Although both legal requirements and independent sources provide certain objectivity and impartiality, it is necessary to establish specific criteria for selecting the most relevant data.

In summary, since some risk indicators have greater predictive power, it is necessary to know the weight of each piece of information to evaluate past performance and foresee a future event. In other words, risk indicators serve as a kind of mosaic of information to anticipate risk.

Money Laundering and Terrorism Financing Prevention Manual


Try Pirani For FREE NOW
Download a free Excel Risk Matrix Template
Free e-book Prevention & Correction of Human Error For Risk Management

Leave us your comments