Key Risk Indicators (KRIs) are the foundation of any operational risk analysis, as well as, Key Performance Indicators (KPIs) are the foundation of any continuous improvement analysis. In this post, I will relate the desired performance level (KPIs) with the desired risk tolerance level (KRIs). I will also include a short description on other indicators including Key Control Indicators (KCIs) that set the desired internal control effectiveness of an organization and Key Lead Indicators (KLIs) that are being increasingly used to measure the achievement of strategy goals (for instance, in terms of customer satisfaction). All these indicators working together in scorecards improves the management information.
KRIs measure how risky an activity is, and KPIs measure how effective an activity was performed. KRIs are an early warning to identify any potential event that may harm continuity of the activity in the long term. In contrast, KPIs are related to past activities and they are done in the short term. KRIs are focused on Governance, the board and risk specialists, KPIs are focused on Management and operational specialists. KPIs address specific problems at business units or processes; and KRIs address systemic problems. Somehow, there is a controversy about whether or not both indicators are the same thing.
Both concepts are correlated but they are not identical. In other words, a tendency to decrease in a KPI may increase a related KRI if a company goal is not achieved. For instance, a continuous tendency to decrease the profitability per customer from year to year (KPI) increases the chances to discontinue operations in the related business line (KRI). Furthermore, according to the 2008 PWC Management Barometer survey to senior executives at multinationals shown that:
• 45% of the respondents said that their organizations do not link KPIs and KRIs at all;
• 27% of the respondents said their organizations linked key risk indicators to the management of earnings volatility, as well as, capital optimization and adequacy;
• 10% of the respondents said their companies employed risk-adjusted performance metrics to set business objectives and to monitor progress against them
• 18% did not respond
Key Risk Indicators (KRIs) show the risk to exceed the defined risk appetite in the future. A well constructed KRIs should be able to accurately predict losses. Therefore, KRI ratios usually contain forecasted information. For instance, a KRI may be calculated as the forecasted net balance in cash flows for next year (estimated outflows/estimated inflows) or a FX future (foreign exchange derivative). Creating tendencies about know activities could also predict risks. Some KRIs examples in this case are the number of annual frauds per transaction or the % of uncollected sales per year. In general, KRI are related to fluctuation rates at long intervals, forecasts or trends to provide an early warning (alert) about a future problem.
Key Control Indicators (KCIs) are used to define the company wide controls to and monitor the achievement of the set objectives. Managers define the related desired tolerances for controls before measuring. The KCIs´ role is to ensure that adequate responses and monitoring have been provided to a risk situation identified by KRIs. Control verification is a key component of a KCI, and it usually includes auditing, quality assurance and improvement programs. Typical KCIs cover the reliability of financial reporting, number of audit issues or product quality assurance ratios.
Key Lead Indicators (KLIs) are used to detect the root cause of a risk or a performance driver to provide an early warning if the achievement of strategic goals would be jeopardized in the future. Effective KLIs should drive behavior change. As predictive as KRIs, KLIs are linked to strategy goals of the company.
Key Management Indicators (KMIs) are used to refer to a comprehensive set of KPIs, sometimes involving quality and environment metrics. In addition to Key Activity Indicators (KAIs), KMIs they can be rolled under KPIs.
Only 15 years passed already from the first publication of the book Balanced Scorecard by Robert Steven Kaplan and David P. Norton. We are still in an early state to develop a KRI, KCI or KLI framework. There are numerous differences about the usage and definitions by organizations and institutions.