Le rôle de KRIs dans ERM

The Role of KRIs in ERM

Key risk indicators (KRIs) play

a critical role in any risk management

framework. Tools for monitoring

controls, risk drivers, and exposures,

they can provide insights into

potential risk events. For example,

where self-assessments are used

periodically to identify risks and

controls, KRIs can monitor them in

the intervening intervals. KRIs also

can provide a means to express risk

appetite. KRIs often serve their

most practical purpose in conjunction

with a system of thresholds;

when a KRI breaches its associated

threshold, it triggers a review, escalation,

or management action.

As a rule, KRIs should be monitored

closer to the “front” than in

the higher reaches of management.

In the absence of any major risk

changes, monthly summaries of the

most important measures may suffice

as a risk profile update to management.

However, this is easier said

than done, and one of the current

challenges of operational risk management

is how to structure senior

management reporting to be as useful

as possible. Especially where

KRIs are concerned, most measures

are business or process specific and

difficult to aggregate. Even measures

that are common to many areas

of an organization, such as turnover,

training, and other human resources

measures, may track risk well in relatively

small business units but

track it very poorly when measured

at the enterprise level.

Types of Key Risk Indicators

Key risk indicators encompass

different types of metrics. For the

purposes of this article, KRIs are

divided into four different categories:

coincident indicators, causal

indicators, control effectiveness indicators,

and volume indicators.

• Coincident indicators can be

thought of as a proxy measure

of a loss event and can include

internal error metrics or near

misses. An example of a coincident

indicator in a paymentprocessing

operation may be

number of misapplied payments

identified through internal

quality assurance sampling.

• Causal indicators are metrics

that are aligned with root causes

of the risk event, such as

system down time or number

of late purchase orders.

• Control effectiveness indicators

provide ongoing monitoring of

the performance of controls.

Measures may include control

42

A Structured Approach to

Building Predictive

Key Risk Indicators

by

Aravind Immaneni, Chris Mastro

and Michael Haubenstock Leading risk indicators with good predictive capabilities are critical

to the successful management of enterprise risk. This article

describes how a process that incorporates some Six Sigma methods

for developing and using key risk indicators was used at Capital One.

© 2004 by RMA. Aravind Immaneni is a senior process redesign specialist, Chris Mastro is group manager of process

engineering, and Michael Haubenstock is director, Operational Risk Management, at Capital One, Richmond, Virginia.

Operational Risk: A Special Edition of The RMA Journal May 2004

effectiveness, such as percent

of supplier base using encrypted

data transfer, or bypassed

controls, such as dollars spent

with nonapproved suppliers.

• Volume indicators (sometimes

called inherent risk indicators) frequently

are tracked as key performance

indicators; however,

they also can serve as a KRI. As

volume indicators (e.g., number

of online account applications)

change, they can increase the

likelihood and/or impact of an

associated risk event, such as

fraud losses. Volume indicators

...