Indicators & KRIs - Key Risk Indicator Management

Flow's Key Risk Indicator (KRI) system provides comprehensive monitoring and alerting capabilities to track organizational risk metrics in real-time. KRIs serve as early warning signals that help identify emerging risks before they materialize into significant issues.

Overview

Key Risk Indicators enable organizations to:

• Monitor Risk Metrics - Track quantitative and qualitative risk indicators
• Automated Threshold Checking - Set green/yellow/red/critical thresholds with automatic status updates
• Trend Analysis - Identify improving, stable, or deteriorating trends
• Alert Management - Configure automated alerts when thresholds are breached
• Data Collection - Support manual and automated data collection methods
• Executive Dashboards - Visualize KRI health scores and summary metrics

KRI Categories

KRIs can be organized by risk category:

• Operational - Business process and operational efficiency metrics
• Financial - Financial performance and risk metrics
• Strategic - Strategic objective and market position indicators
• Compliance - Regulatory compliance and adherence metrics
• Reputation - Brand reputation and customer satisfaction indicators
• Cyber Security - Information security and cybersecurity metrics

Measurement Types

KRIs support multiple measurement types:

• Count - Numeric counts (e.g., number of incidents)
• Percentage - Percentage values (e.g., system uptime %)
• Currency - Monetary values (e.g., financial losses)
• Ratio - Ratio calculations (e.g., debt-to-equity ratio)
• Duration - Time-based measurements (e.g., mean time to resolution)
• Score - Scaled scores (e.g., risk score 1-100)

Threshold Configuration

Four-Level Threshold System

KRIs use a color-coded threshold system:

Green Threshold

• Acceptable performance level
• No action required
• Indicates healthy risk posture

Yellow Threshold

• Cautionary level
• Monitor closely
• May require investigation

Red Threshold

• Warning level
• Action required
• Risk mitigation needed

Critical Threshold (Optional)

• Critical level
• Immediate action required
• Escalation to management

Threshold Examples

Example: System Downtime KRI

Green: < 1% downtime (99%+ uptime)
Yellow: 1-5% downtime (95-99% uptime)
Red: 5-10% downtime (90-95% uptime)
Critical: > 10% downtime (< 90% uptime)

KRI Creation

Required Information

When creating a KRI, you'll need:

1. Basic Details

   • KRI Name - Descriptive name for the indicator
   • KRI Code - Unique identifier code
   • Description - Detailed description of what the KRI measures
   • Category - Risk category classification

2. Measurement Configuration

   • Measurement Type - How the KRI is measured
   • Unit - Unit of measurement (e.g., %, $, hours)
   • Thresholds - Green, yellow, red, and optional critical thresholds

3. Data Collection

   • Data Source - Where data comes from
   • Collection Frequency - How often data is collected
   • Automated Collection - Whether data collection is automated
   • API Endpoint - For automated collection (if applicable)

4. Ownership & Escalation

   • Owner - Person responsible for the KRI
   • Escalation Contacts - People to notify when thresholds are breached
   • Action Triggers - Specific actions to take at each threshold level

5. Business Context

   • Business Justification - Why this KRI is important
   • Linked Risk - Optional link to related risk in risk register

Data Collection

Collection Frequencies

• Real-time - Continuous monitoring and updates
• Daily - Updated once per day
• Weekly - Updated once per week
• Monthly - Updated once per month
• Quarterly - Updated once per quarter

Collection Methods

Manual Collection

• Data entered manually by KRI owner
• Suitable for qualitative or infrequent metrics
• Requires regular data entry discipline

Automated Collection

• Data collected via API integration
• Real-time or scheduled collection
• Reduces manual effort and improves accuracy

Trend Analysis

Flow automatically analyzes KRI trends:

Improving Trend

• Indicator values moving in positive direction
• Risk posture improving
• Green arrow indicator

Stable Trend

• Indicator values remaining consistent
• No significant change
• Horizontal arrow indicator

Deteriorating Trend

• Indicator values moving in negative direction
• Risk posture worsening
• Red arrow indicator

Alert Management

Automated Alerts

When KRI thresholds are breached:

• Status Update - KRI status automatically changes to appropriate level
• Email Notifications - Escalation contacts receive email alerts
• Dashboard Indicators - Visual alerts appear on KRI dashboard
• Action Triggers - Predefined actions are initiated

Alert Configuration

Configure alerts for:

• Threshold breaches (yellow, red, critical)
• Trend changes (deteriorating trends)
• Missing data (data not collected on schedule)
• Custom conditions (based on business rules)

KRI Dashboard

Executive Summary

The KRI dashboard provides:

• Overall Health Score - Aggregate KRI health across all indicators
• Status Distribution - Count of KRIs by status (green/yellow/red/critical)
• Trend Summary - Count of improving/stable/deteriorating trends
• Recent Alerts - Latest threshold breaches and alerts

KRI Table View

The KRI table displays:

• KRI Name & Code - Identifier and unique code
• Category - Risk category
• Latest Value - Most recent measurement
• Status - Current threshold status (color-coded)
• Trend - Trend direction indicator
• Last Measurement - Date of last data collection
• Owner - Responsible person

Filtering & Search

Filter KRIs by:

• Category (operational, financial, strategic, etc.)
• Status (green, yellow, red, critical)
• Trend (improving, stable, deteriorating)
• Active/Inactive status
• Search by name or code

KRI Management

Viewing KRI Details

Click on any KRI to view:

• Complete KRI definition and configuration
• Historical data points and measurements
• Trend charts and visualizations
• Alert history
• Related risks and controls

Editing KRIs

Update KRI configuration:

• Modify thresholds as risk appetite changes
• Update data collection methods
• Change ownership or escalation contacts
• Adjust measurement parameters

Deactivating KRIs

Deactivate KRIs that are:

• No longer relevant to organizational risk
• Replaced by better indicators
• Obsolete due to process changes

Integration with Risk Management

Risk Linking

KRIs can be linked to risks in the risk register:

• Provides early warning for specific risks
• Enables risk-based KRI prioritization
• Supports risk treatment effectiveness measurement

Control Effectiveness

KRIs can measure control effectiveness:

• Track control performance metrics
• Identify control gaps through KRI trends
• Support control optimization decisions

Best Practices

KRI Selection

• Relevance - Choose indicators directly related to key risks
• Measurability - Ensure data can be collected reliably
• Actionability - Select indicators that trigger meaningful actions
• Balance - Mix leading and lagging indicators
• Coverage - Cover all major risk categories

Threshold Setting

• Historical Data - Base thresholds on historical performance
• Risk Appetite - Align with organizational risk appetite
• Industry Benchmarks - Consider industry standards
• Regular Review - Review and adjust thresholds periodically

Data Quality

• Reliable Sources - Use trusted data sources
• Validation - Validate data before entry
• Consistency - Maintain consistent measurement methods
• Documentation - Document data collection processes

Getting Started

1. Identify Key Risks - Determine which risks need KRI monitoring
2. Define Indicators - Select appropriate metrics for each risk
3. Set Thresholds - Configure green/yellow/red/critical thresholds
4. Configure Collection - Set up manual or automated data collection
5. Assign Ownership - Designate KRI owners and escalation contacts
6. Monitor & Review - Regularly review KRI status and trends
7. Take Action - Respond to threshold breaches and alerts

Flow's KRI system transforms risk monitoring from reactive to proactive, enabling organizations to identify and address emerging risks before they become significant issues.

Next Steps

• Risk Management - Link KRIs to risks in your risk register
• Risk Appetite - Align KRI thresholds with risk appetite
• Dashboard Overview - View KRI metrics on your dashboard
• Risk Analytics - Analyze KRI trends and patterns