Many organizations struggle to develop Key Risk Indicators (KRIs) that will provideearly warnings that risks may be more likely to materialize. This case study looks at 5 different organizations that have put KRIs in place and delves into the timing and rationale behind KRI implementation as well as the methods used to develop KRIs and the ongoing risk reporting and monitoring.
Each company shared its lessons learned and keys to effective KRI reporting so that other organizations can benefit from those learnings. The case study highlights how the organizations took different approaches to developing and using KRIs, including workshops and interviews to identify the appropriate metrics to monitor risks. It also summarizes how they repurposed Key Performance Indicators to be used as KRIs, and it illustrates how KRIs can be based on both qualitative vs. quantitative data. The case study also addresses important considerations regarding the sources of risk data and the target audience for reporting frequency for KRIs.