… Key risk indicators—if I can use a fighter pilot analogy—is really the heads up display [to see] where my risks are going to come from. If we can achieve that using key risk indicators, it becomes a very useful tool in any organization.

—Garth Hinton, Director of Operational Risk for EMEA, Citigroup

INTRODUCTION

The formal use of key risk indicators (KRIs) as an enterprise risk management (ERM) tool is an emerging practice. Although many organizations have developed key performance indicators (KPIs) as a measure of progress against the achievement of business goals and strategies, this differs from using KRIs to support risk management and strategic and operational performance.

The current risk management landscape suggests that organizations are increasingly acknowledging the need to manage significant risks of all types and from all sources proactively. There is additional recognition that risk can be best managed using a variety of tools. KRI is one of several risk management tools and can complement other techniques in an ERM toolkit. For example, many financial institutions are developing a sophisticated system of KRIs for operational risk management. At the same time, these institutions use other risk management techniques such as risk and control self-assessments (RCSAs), loss event information, and scenario analyses to manage operational risks.

However, ...