Operational risk: key risk indicators (KRIs)
October 29, 2015
Kseniya Strachnyi
Key risk indicators, operational risk, risk mitigation: these terms pop
up in most content focused on risk management. But these terms
aren't often used in a way that provides guidance on improving
processes. We all need to understand what role KRIs play in risk
mitigation, but do we all know how to get started turning concepts
into action? This blog by Kate Strachnyi provides a substantive
introduction to a realistic KRI framework that any company can use as
a foundation for a robust and customized risk management strategy.
Key risk indicators defined
Key risk indicators (KRIs) are an important tool within risk
management and are used to enhance the monitoring and mitigation of
risks and facilitate risk reporting. Operational risk is defined as the
risk of loss resulting from inadequate or failed internal processes,
people and systems, or external events. Operational KRIs are
measures that enable risk managers to identify potential losses before
they happen. The metrics act as indicators of changes in the risk
profile of a firm.
Effective KRIs should be:
• Measurable - metrics should be quantifiable (e.g., number, count, percentage, dollar volume, etc.).
• Predictable - provide early warning signals.
• Comparable - track over a period of time (trends).
• Informational - measure the status of the risk and control.
Leading & lagging KRIs
Leading KRIs are measures that are considered predictive in nature.
They are derived from metrics that can help to forecast future
occurrences. Lagging KRIs are metrics based on historical measures.
These help to identify trends in the firm.
Importance of KRIs
KRIs play an important role in risk management by predicting potential
high-risk areas and enabling timely action.
KRIs enable firms to:
• Identify current risk exposure and emerging risk trends.
• Highlight control weaknesses and allow for the strengthening of poor controls.
• Facilitate the risk reporting and escalation process.
Operational risk management adds value to the firm.
Regulatory expectations
To qualify to use the Advanced Measurement Approach (AMA) to
calculate operational risk capital under Basel II, the Basel Committee
on Banking Supervision (BCBS) has specified detailed criteria for the
use of forward-looking measures. The choice of each factor needs to
be justified as a meaningful driver of risk and, whenever possible,
the factors should be translatable into quantitative measures that lend
themselves to verification. The sensitivity of a firm's risk estimates to
changes in the factors and the relative weighting of the various factors
need to be well reasoned.
KRI roadmap
Below is a high-level roadmap for establishing a KRI framework:
KRI processes
KRI identification
• Identify existing metrics.
• Assess gaps and improve metrics.
• Identify KRIs via risk control self-assessment (RCSA): interview business units.
• Don't over-rely on them; focus on indicators which track changes in the risk profile or the effectiveness of the control environment.
• Concentrate on the significant risks and their causes, and consider forward-looking and historical indicators.
• Consider absolute values and numbers, ratios, percentages, ageing, etc.
• Data on KRIs should be collated on a systematic and consistent basis in order to be meaningful, e.g., on a monthly basis.
KRI selection
• Select the KRIs that are measurable, meaningful and predictive (leading indicators).
• Gather a good mix of leading and lagging indicators for effective risk management.
• Don't select too many KRIs that:
o Are too difficult to manage (track).
o Might become unmanageable.
• Select only the ones that provide useful information.
Setting thresholds
• Determine and validate trigger levels or thresholds.
• Based on industry tolerance or internal acceptance.
• Board of directors should approve thresholds.
• Should coincide with risk appetite statement.
KRI tracking & reporting
• Periodic tracking of KRIs (monthly, weekly; depends on what the KRI represents).
• KRIs should be reported regularly and escalation procedures should be in place (as part of the KRI framework) to ensure timely reporting to management and board.
• Various KRIs will have different levels of escalation. When in doubt, escalate higher, but don't dump too much information on management/board because they will get overwhelmed.
• Reporting of KRIs to head of business units by KRI owners. Head of business units then reports into risk management. Risk management reports to risk board and, when applicable, the full board.
• This can help improve corporate governance structure.
Risk mitigation plans
• Risk mitigation plans (RMPs) should be set for high-risk items.
• Items with high severity or high frequency of occurrence need to have RMPs to mitigate risk and enhance controls.
• Determine what is high risk by assessing control levels.
• Track RMPs to ensure that controls are enhanced and risk is mitigated. Report on RMPs to management/board, and set target completion dates.
Roles & responsibilities
• Risk management
o Create framework and provide training
o Guide and challenge the KRI selection process
o Reporting/escalation of breaches
o Identify trends
• Business units
o Identify KRIs
o Set thresholds
o Monitor positions
o Escalate breaches of limits to management
• Internal audit
o Validation and assurance around KRI process
o Incorporate output into audit plan
o Assess control effectiveness for KRIs that were breached or yellow
Challenges
The potential challenges of establishing an effective KRI framework
include:
• Getting business units to buy into the need for KRIs
• Demonstrating the (positive) effect that it can have on the firm overall and for each business unit
• Might result in setting aside more capital
• Identification of KRIs can prove to be difficult
• Lack of resources to track KRIs
Key Risk Indicators
The level of risk can be measured continuously through a series of defined and
monitored indicators.
Some of the identified risks can be measured continuously on the basis of defined KRIs (Key Risk
Indicators) and defined dashboards, based on the existing data in IT systems. This is a better
approach than one based on a periodic (e.g., annual) assessment of the identified risks
based on expert judgement only.
Continuous risk assessment enables an ongoing reaction to deviations from the risk level
defined as acceptable for the entity, so that appropriate action can be taken in a short time.
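As an added illustration (not part of the original article), the sketch below runs the threshold, tracking and escalation steps described above over monthly data of the kind an IT system could supply. The KRI names, threshold values, sample observations, the three-period worsening rule and the mapping from status to escalation level are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class KRI:
    name: str
    yellow: float                 # warning trigger level (assumed value)
    breach: float                 # approved threshold (assumed value)
    higher_is_worse: bool = True  # False for metrics such as availability %

def status(kri: KRI, value: float) -> str:
    """Classify one observation as green, yellow or breached."""
    s = 1 if kri.higher_is_worse else -1
    if s * value >= s * kri.breach:
        return "breached"
    return "yellow" if s * value >= s * kri.yellow else "green"

def worsening_streak(kri: KRI, series: List[float]) -> int:
    """Count the most recent consecutive periods that moved toward breach."""
    s = 1 if kri.higher_is_worse else -1
    streak = 0
    for prev, cur in zip(reversed(series[:-1]), reversed(series[1:])):
        if s * (cur - prev) <= 0:
            break
        streak += 1
    return streak

def evaluate(kri: KRI, series: List[float]) -> Tuple[str, int, str]:
    """Return (latest status, worsening streak, escalation target)."""
    latest, streak = status(kri, series[-1]), worsening_streak(kri, series)
    repeat = len(series) > 1 and status(kri, series[-2]) == "breached"
    if latest == "breached":  # assumed rule: a repeated breach goes one level up
        target = "risk board" if repeat else "risk management"
    elif latest == "yellow" or streak >= 3:  # assumed early-warning rule
        target = "head of business unit"
    else:
        target = "KRI owner"
    return latest, streak, target

# Constructed monthly observations, oldest first (not real data).
TURNOVER = KRI("staff turnover %", yellow=10, breach=15)
UNRECONCILED = KRI("unreconciled items > 30 days", yellow=20, breach=40)
AVAILABILITY = KRI("system availability %", 99.5, 99.0, higher_is_worse=False)
SAMPLE = [(TURNOVER, [6.0, 7.1, 8.3, 9.4]), (UNRECONCILED, [18, 35, 42, 47]),
          (AVAILABILITY, [99.9, 99.7, 99.2, 99.4])]

if __name__ == "__main__":
    for kri, series in SAMPLE:
        print(kri.name, evaluate(kri, series))
```

The turnover series stays green but is escalated on trend alone, which is the early-warning behaviour expected of a leading indicator; the availability series shows a lower-is-worse metric sitting in yellow while recovering.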