Unit 4: Risk Indicators and Registers

Question 1

What are risk indicators?

Answer 1

Metrics that help monitor and control identified risks over time.

They are a ‘health check’ of the performance of the business and can be used by all functions to ensure that risk is controlled satisfactorily.

Question 2

How do risk indicators usually measure risk?

Answer 2

They usually measure the effects of risk at set control points in the business and act as early warning signals to alert management to problem areas.

Question 3

What 3 things must a metric be able to be used to measure to be considered a key risk indicator (KRI)?

Answer 3

1. Exposure levels (to risks).
2. Control effectiveness.
3. Management of risk exposure effectiveness.

Question 4

What four things should a KRI be, to be effective?

Answer 4

1. Measurable (number, count, %, $).
2. Predictable (provide early warning signs)
3. Comparable (tracked over time; trends)
4. Informational (measures status of risk and control)

Question 5

Example: if we want to measure the risk of process errors, what would a good KRI be?

Answer 5

The number of customer complaints.

Question 6

What are three KRIs we could track for our people?

Answer 6

1. High training fail rates
2. High turnover rates
3. Low employee engagement scores

Question 7

What are two KRIs we could track for our tech?

Answer 7

1. System drop-outs
2. User complaints

Question 8

What are three KRIs we could track for our performance?

Answer 8

1. Failure to meet targets
2. Reduction in customer service scores
3. Reduction in customer retention

Question 9

What KRIs we could track for our regulatory compliance?

Answer 9

Incidents and breaches

Question 10

When does an indicator become ‘key’?

Answer 10

When it tracks a particularly important risk exposure (a key risk) or does so particularly well (a key indicator).

Ideally, it does both.

Question 11

How are tolerances/limits usually tied to risk indicators?

Answer 11

Defining threshold levels or changes which, when exceeded, alert management to areas of potential problems.

Question 12

What is a risk register?

Answer 12

A management tool that can be used to monitor and report on a risk.

It’s a log of key risks associated with a project or business unit and also includes details of the control measures that have been identified to mitigate the risks.

Question 13

What three pieces of information will a risk register generally contain?

Answer 13

1. An individual event
2. Estimate of potential loss
3. Probability of occurence