Key Risk Indicators, Scorecard, and Template

Properly designed risk framework supports risk discussion in your company. It combines indicators that allow estimating risk probability, risk impact, and risk control actions. KRIs are not that different from KPI; Risk Management frameworks are not that different from the Balanced Scorecard. Let’s start the discussion about Key Risk Indicators best practices.

The idea of risk

What is risk and how can one measure and control it? Intuitively one understands that risk is something regarding a danger/threat that might happen with a certain probability and result in some type of negative outcomes. This perception is generally correct with one exception: risk doesn’t always need to be a threat for a business, it might be an opportunity as well.

The idea of risk

The older definition of risk in ISO was “a chance or probability of loss,” while the latest ISO 31000:2009 defines risk as “the effect of uncertainty on objectives.”

In other words, the modern definition of risk recognizes that risk is not only about threats, but about opportunities as well.

Losing your key employee might be a threat on the one hand, but on the other hand you might find a new one that will bring to your company new skills and ideas. Everything depends upon the business context (business objectives).

What are Key Risk Indicators?

As their name states, KRIs are indicators that are key for the risk management process.

  • “Key” word implies that there cannot be hundreds of KRIs; so if you have 100+ KRIs, then most likely these are just risk metrics.

Most of the principles that we discussed for KPIs (Key Performance Indicators) apply to KRI:

  • They need to have a proper business context,
  • Their need to be measurable,
  • There have to be a person responsible for KRI,
  • There should be a buy in from the team, etc.

Having said that, I recommend checking out the article: Why most KPIs don’t work and what to do about this. When reading, replace “KPI” with “KRI” and you can easily use all the same ideas and recommendations.

For now, it is enough to define KRI as those risk metrics that are an important part of your risk management portfolio. As it comes from the definition of the risk in ISO standard, the ultimate decision of what is and is not a risk depends on a company’s objectives, so be careful when copying KRIs from others.

The difference between KRI and KPI

In some literature KPIs and KRIs are strongly divided, the first are responsible for business performance and the second are about risk. As an example of a typical KPI that is not a KRI that is often used is “Net Profit.”

  • “Net profit is a KPI because it doesn’t tell us anything about the risk level or risk control!” – often suggest authors.

The thing is that “Net profit” by itself doesn’t tell us either anything about performance or the way one wants to increase it!

To make a use of “Net profit” we need to put it in a proper business context, add thresholds, baseline, and target marks, and add some relevant action plan:

  • KPI: “Net profit”
  • Current level: $200 K
  • Baseline: $205 K
  • Target: $300 K
  • Stop light: red
  • Action plan: “We failed because of the old sales team! Hire a new sales team!”

KPI vs KRI

Have a look at this KPI! Doesn’t it look like a KRI now? For sure, we don’t have metrics for probability and impact, but we can easily add them…

Another thought that supports the idea of the similar nature of KRIs and KPIs:

  • KPIs need to be aligned with the business strategy; and how one determined this strategy? Didn’t we use SWOT (where T stands for “threats”) method to come up with hypothesis (risk analysis) and possible solutions (risk control)?

Well, I’m exaggerating, but I personally don’t see any fundamental difference. I am ready to argue about this in the comments. For sure, KRIs are more “risk-oriented,” but if one needs, a KRI can be converted into a KPI and vice-versa.

Mapping risks to KRI. Defining Key Risk Indicators.

Here comes an interesting part. Let’s talk about Risk Management.  Managing risks is about managing the chain of:

  • Detecting/predicting threats/opportunities
  • Estimating the chance that they will happen (their probability)
  • Controlling the impact/outcomes

Normally, we cannot map all these aspects of the risk in one KRI, so we will normally need 3 indicators:

  • Indicator that would measure probability
  • Indicator that would measure the impact 
  • Indicator that would measure action plan

For example, for such KRI as “Poor mentoring of employees” we would have:

  • Time spend on mentoring per week, hours. This indicator estimates risk probability, the less hours one spends mentoring others, and the more likely the company will face this risk.
  • Employee engagement index, %. This indicator helps to understand the impact of poor communication. Less mentoring means less engagement from the part of employees.
  • Action plan: improve mentoring procedures; relevant indicator might be something like “Leadership training passed, hours.” We need to teach managers a proper leadership paradigm that would include mentoring.

Define and map KRIs

Which of those indicators is a KRI? I’d say that the pair of “probability” and “impact” indicators form the KRI. While the action plan indicator relates to the risk control procedures.

Template for a KRI

Here is a template that one can use for a Key Risk Indicator.

Risk Template:

Risk IndicatorsRisk Control PlanAction Indicator
Risk Identification:
______________
Probability Indicator: ________
Impact Indicator: _________
Action 1: _________
Action 2: _________
Indicator 1: _________
Indicator 2: _________

Example discussed above will look like:

Risk IndicatorsRisk Control PlanAction Indicator
Risk Identification:
“Poor mentoring of employees”
Probability Indicator:
Time spend on mentoring per week, hours
Impact Indicator:
Employee engagement index, %
Action 1:
Improve mentoring procedures
Indicator 1:
Leadership training passed, hours.

Leading/lagging KPIs vs. probability/impact KRIs

When mapping business strategy we always suggest making sure that there are:

  • Leading indicators aligned with business objectives,
  • Lagging indicators aligned with business objectives, and an
  • Action plan.

Compare this to the “probability,” “impact,” and “control plan” and you will see what I mean.

Properly described strategy looks very similar to the properly done risk and control assessment.

How do risks appear on the map? Reporting culture.

As business objectives are projections of properly defined strategy, risks are projections of a properly done risk analysis.

  • The basic step is to start with a classical risk assessment, drawing root-cause diagrams, brainstorming possible problems and getting a list of the risks as a result.
  • The most important step is to implement in your company a proper reporting culture. Employees should not only report about evident problems that already happened, but also about situations where they were lucky enough to avoid the problem, but it could have happened. Such reports will allow you to identify risks that you might have not thought about before.

Establish a culture similar to one in NASA: if the problem appeared once, they conducted a careful research about possible reasons why it happened; even if it did not repeat.

Join KPI training and certification by BSC DesignerCovert separate pieces of information about Key Performance Indicators into new skills and actionable knowledge. Join "KPIs Training and Certification" by BSC Designer to learn our time-proven KPI system and get a lifetime access to the KPI training knowledge base.

More about KPI Training

How to use risk assessment and control model

The risk assessment model that was described above is nothing new, but you need it just as you need a strategy map in business performance management. Specific numbers might be tricky and won’t give you a specific information. Why have this model then?

  • As strategy map helps to discuss strategy, risk assessment model/scorecard needs to be a base for further discussions related to the risk identification and control.

In this way you will implement risk control into the company’s DNA. It’s much better than regular formal reporting of KRIs that has nothing to do with real problems.

The list of the most popular KRIs

We have the list of 89 KRIs delivered both in .BSC (BSC Designer) and Excel formats. Don’t take these risk indicators as must-have for your business. As with KPIs, KRIs need to be aligned with business context, if not, then you will be evaluating and trying to manage risk that will never occur in your business.

KPIs in BSC Designer

In BSC Designer you can easily manager your KRIs. It can be a simple risk indicator with probability and impact properties:

KRI properties in BSC Designer

In this case BSC Designer can visualize necessary data on the risk chart:

Risk chart in BSC Designer

or generate an HTML report:

HTML KRI report

The main benefit is that indicators can be aligned with objectives on the strategy map.

Key take-aways

  • Risk is not just a threat, it is a business opportunity as well;
  • Put KRIs into proper business context;
  • KPI and KRI are not that different:
    • KRI need to be aligned with risk management strategy;
    • Make sure you control leading (probability) and lagging (impact) risk indicators;
  • Implement proper reporting culture;
  • Use risk scorecard as a base for the risk discussions;

Related Articles

Posted in KRI

What is BSC Designer?

BSC Designer is a balanced scorecard software available as a cloud-based service and Windows desktop application.

Getting Started with BSC Designer

Try BSC Designer for free

Download BSC Designer

Who uses BSC Designer

According to our users, BSC Designer is easy to install, configure and it helps a lot with Balanced Scorecard, strategy maps, and KPIs.

BSC Designer Customers

Training for the software

To make it easier for the users to get started, we have a lot of free training materials for the software.

Video manuals for BSC Designer

Customer support

Should you have any questions, we are at your disposal.

Pricing and buying

How much does BSC Designer cost? It depends on the configuration that you prefer. Use this price calculator to find out the total cost, get an official quote, and buy the software.

What Balanced Scorecard is all about?

Fast Track explains complex ideas in a simple way Check out Strategy Scorecard Fast Track to find easy explanation of the most important complex ideas.
  • What is a Balanced/Strategy Scorecard?
  • How to build a good strategy map?
  • How to find winning KPIs?
  • How to cascade strategy?
  • How to implement scorecard
Learn all the nuances quickly and ask follow-up questions to BSC expert. Learn more...

What are your current challenges?

We help our users to get started with Balanced Scorecard, strategy maps, and KPIs. Here is a list of frequently asked questions and respective answers to them.

Q: What is the Balanced Scorecard?

Big picture about Balanced Scorecard A: Check out: Get the big picture about Balanced Scorecard article.

Q: I'm looking for a KPIs... how do I find good ones for our business?

How to find a KPI for... A: Check out our recommendations.

Q: Do you have some examples of the Balanced Scorecard?

Examples of Balanced ScorecardA: Sure, we have some here.

Q: Balanced Scorecard is about strategy execution, right? But what is a strategy?

Define strategy, create strategy mapA: Check these articles about strategy definition and creating strategy map.

Q: How do we cascade our top level scorecard throughout the company?

How to cascade a strategy mapA: Do it by business goals, some examples will also be useful.

More questions and answers...

BSC Lessons

Download BSC Designer and we will follow up with you with lessons about the Balanced Scorecard:

BSC Designer experts

Aleksey Savkin Performance Management and Balanced Scorecard

Kazim Ladimeji HR KPIs and Performance Expert

Levi Newman Effective KPIs and social metrics

Oana Boteanu Performance Management

Oleg Tumarkin Business Measurements

Upcoming events and talks

We organize, sponsor, and participate in various events related to the strategy execution.

  • "Online Workshop: Using 12 Step KPI System for the Most Challenging Metrics and KPIs." 15th February, 2017, 2 p.m. EST Read more...
  • "Building Balanced Scorecard Step by Step." 15th February, 2017, online training. Read more...

Drop us a note if you want to meet up at these events.

Online training: Build BSC step by step

The best way to get started with the Balanced Scorecard is to join our online training.

Balanced Scorecard Training Online Strategy map, KPIs, cascading - it might be hard to put it all together. In the online training "Building BSC Step by Step" we explain all the nuances in simple words and help companies to build a prototype of their balanced scorecards.

Find us on Google Plus

Thank you for sharing!

Whether you are looking for a professional Balanced Scorecard software, or just researching information about Balanced Scorecard and business strategies, we recommend you to download and try our BSC Designer software (no credit card is required).

We will follow up with you with lessons about the Balanced Scorecard and will keep you informed about the trending articles on bscdesigner.com

Follow us in Social Media

Send this to friend

More in KRI
Risk Assessment Guide License

NO WARRANTY Risk Assessment Guide IS SOLD "AS IS" AND WITHOUT ANY WARRANTY AS TO MERCHANTABILITY OR FITNESS FOR A...

89 KPIs in Risk Assessment Guide

Get Free Risk Assessment Guide Buy Full Version of Risk Assessment Guide Buy Full version Content 89 Key Risk Indicators...

Close