Promoting and Developing the
Discipline of Operational Risk Management
Key Risk Indicators
Sound Practice Guidance
November 2010
Risk indicators are an important tool within operational risk management, facilitating the monitoring and control of risk. In so doing they may be used to support a range of operational risk management activities and processes, including: risk identification; risk and control assessments; and the implementation of effective risk appetite, risk management and governance frameworks (see IOR Guidance on Risk Appetite and Risk Governance).
Despite their usefulness relatively little guidance exists on how to use risk indicators in an effective manner. Moreover it is an area that has proven to be particularly challenging for many organisations. Hence there is a need for further guidance in this area.
What follows is the IOR’s perspective on current sound practices in relation to the use of risk indicators to support the management of operational risk. In so doing, this guidance covers the role and purpose of risk indicators, the elements of an effective risk indicator framework and some important practical considerations relating to the use of such frameworks within an operational risk management context.
The IOR recognises that there is no one size fits all approach to the management of operational risk. However by drawing on the experience of practising risk professionals it is possible to identify examples of good practice described in this Guidance. Equally it is hoped that these guidance papers will facilitate a shared understanding of key operational risk concepts amongst risk management professionals, regulators and academics, thus contributing towards the further development of the discipline of operational risk.
This is one of a series of Sound Practice Guidance papers being produced by the Institute of Operational Risk (IOR) with the following objectives:
- Providing information on the practicalities and know-how necessary in order to implement the techniques that support a robust operational risk management framework;
- Empowering operational risk professionals to demonstrate the value of operational risk management to senior management in a practical rather than theoretical manner;
- Capturing the real experience of practising risk professionals, including the challenges involved in developing operational risk management frameworks.
The Institute of Operational Risk
The Institute of Operational Risk was created in January 2004 as a professional body whose aim is to establish and maintain standards of professional competency in the discipline of Operational Risk Management. It is an independent, not for profit, professional body designed to support its members. The stated mission of the Institute is to promote the development and discipline of Operational Risk and to foster and maintain investigations and research into the best means and methods of developing and applying the discipline and to encourage, increase, disseminate and promote knowledge, education and training and the exchange of information and ideas.
| Title: Key Risk Indicators | Date issued: 2nd Nov 2010 |
 Key Risk Indicators |
Version: 1.0 |
|
File name: IOR KRI Guidance Nov 2010 |
Update date: n/a |
The following text is a sample from the full guide.
To view the full guide click here: Key Risk Indicators
1. Introduction
Risk indicators are an important tool within operational risk management, facilitating the monitoring and control of risk. In so doing they may be used to support a range of operational risk management activities and processes, including: risk identification; risk and control assessments; and the implementation of effective risk appetite, risk management and governance frameworks (see IOR Guidance on Risk Appetite and Risk Governance).
Despite their usefulness relatively little guidance exists on how to use risk indicators in an effective manner. Moreover it is an area that has proven to be particularly challenging for many organisations. Hence there is a need for further guidance in this area.
What follows is the IOR’s perspective on current sound practices in relation to the use of risk indicators to support the management of operational risk. In so doing, this guidance covers the role and purpose of risk indicators, the elements of an effective risk indicator framework and some important practical considerations relating to the use of such frameworks within an operational risk management context.
2. Definitions
Indicators are metrics used to monitor identified risk exposures over time. Therefore any piece of data that can perform this function may be considered a risk indicator. The indicator becomes ‘key’ when it tracks an especially important risk exposure (a key risk), or it does so especially well (a key indicator), or ideally both.
More specifically a metric may be considered to be a risk indicator when it can be used to measure:
- The quantum (amount) of exposure to a given risk or set of risks.
- The effectiveness of any controls that have been implemented to reduce or mitigate a given risk exposure.
- How well we are managing our risk exposures (the performance of our risk management framework).
Expressed slightly differently, this implies that an organisation will typically make use of three different types of indicator: risk (exposure) indicators, control effectiveness indicators and performance indicators.
2.1. Risk Indicators
In an operational risk context a risk indicator (commonly known as a key risk indicator or KRI) is a metric that provides information on the level of exposure to a given operational risk which the organisation has at a particular point in time. In order to provide such information the risk indicator has to have an explicit relationship to the specific risk whose exposure it represents. For example, take the number of customer complaints, which is likely to be linked to the risk of process errors – as customer complaints increase, the probability that there are some underlying and potentially systemic mistakes and errors of judgement being made is likely to rise. In other words, there is a rationale for thinking that changes in the value of this indicator are likely to be associated with changes in operational risk exposure or operational loss experience.
Further examples of risk indicators include staff turnover (which may be linked to risks such as fraud, staff shortages and process errors), the number of data capture errors (process errors) and the number of virus or phishing attacks (IT systems failure). For further examples see Appendices (8.1).
The above text is a sample from the full guide.
To view the full guide click here: Key Risk Indicators
Set as favorite
Bookmark
Email this
Hits: 116274
Comments (0)
Subscribe to this comment's feed
Write comment
| < Prev | Next > |
|---|
News & Media
Chairman’s Address at AGM 27/3/12
Ladies and Gentlemen,
It gives me great pleasure to address this AGM, and I’m conscious of the...
The Scottish Chapter of the IOR held it's 1st Annual Conference on Friday 28th October 2011 at Glasgow Caledonian University...
Upcoming Events
May24 Supervisory Expectations of Operational Risk Location: Accenture, Plantation Place, 30 Fenchurch Street, London EC3M 3BD Information: This event is free to IOR members. There will be a £50 charge to non-members. |
Jun27 Infoline Presents Fund Management Regulation 2012 Location: Central London, UK Information: Don’t forget to quote VIP code FKM62375IORL to save 10% off your registration fee with IOR. |
News Feeds
| Finextra Research news |
| Financial IT news and analysis - latest headlines |
For all today’s news stories see Main News Feeds
Newsletter Sign Up
Sign up for the IOR newsletter here.
Regional Chapters
