Home / Business Metrics / Red Alert: Five Keys to Using Operational Risk Metrics

Red Alert: Five Keys to Using Operational Risk Metrics

When used the right way, metrics can show you just about anything about the business—places for growth, and risks to be squashed. Dawn Ward and Susan Palm write for Risk Management with five pointers to get the most out of operational risk metrics. Never get caught off guard again.

The Keys to Risk

  1. Engage key stakeholders.
  2. Determine which indicators are important to your business.
  3. Align metrics to controls.
  4. Tie metrics to the business plan and strategy.
  5. Build a risk-aware culture through employee involvement.

Operational risk clearly requires diverse stakeholder buy-in, especially as it pertains to defining key risk indicators (KRIs) and key performance indicators (KPIs). These discussions must be had, both so that management understands which metrics most directly correlate with risk factors, and so that stakeholders can come up with common language by which to discuss metrics and risk. When it comes to actually selecting KRIs and KPIs, there is any number of strategies for narrowing the possibilities. One strategy suggested by Ward and Palm is to use root-cause analysis of a loss event, which involves quantifying risk exposure and impacts of operational losses that have occurred in the past. In any case, keep your total number of KRIs and KPIs small.

About the third point, Ward and Palm write:

Many organizations use metrics to understand their risk profiles. To take it one step further, organizations can use metrics to define their controls as well. This allows organizations to see two sides of the same coin at once. From there, they can get a better picture of their inherent risk and how well they are managing it, which can better position them to determine if their residual risk is increasing or decreasing. This additional step can either be worked into the preliminary process or taken on as the process matures, depending on the available resources.

Monitoring and controlling risk is of course how a business stays viable, but the value of risk metrics should be compounded by how they align with business strategy. In this way, the effectiveness of new initiatives can be better judged. It furthermore draws a picture of the overall risk culture of the business. Employees need to be encouraged and even incentivized to speak up about risks wherever they find them, lest the risks grow out of control behind everyone’s backs. Business is ultimately always a team effort, and the day will never be won by number-crunching alone.

You can read the original article here: http://www.rmmagazine.com/2015/04/01/five-keys-to-using-operational-risk-metrics/

About John Friscia

John Friscia is the Editor of Computer Aid’s Accelerating IT Success. He began working for Computer Aid, Inc. in 2013 and continues to provide graphic design support for AITS. He graduated summa cum laude from Shippensburg University with a B.A. in English.

Check Also

7 Software Testing Metrics That Are Useless by Themselves

For metrics to be useful in any situation, they must always be established and measured …

Leave a Reply

Your email address will not be published. Required fields are marked *