Defining the key in key risk indicators: Building a framework to report leading indicators

Defining the key in key risk indicators: Building a framework to report leading indicators


Bart, can you tell the Risk Insights’ readers about yourself and your professional experiences?

In addition to leading the Solutions Consulting team, I am a product manager for Nasdaq BWise Governance Risk and Compliance (GRC). During the last 9 years in this role, I have had the privilege of working internationally with organisations in various industries. Together with these organisations, we have developed a number of innovative GRC solutions including KRI’s. My previous work includes product management for Oracle E-Business Integration and Process Optimization for Legacy Applications.

We are looking forward to you presenting at New Generation Operational Risk: Europe where you will be delivering a presentation on KRIs. Why do you believe this is a key talking point at the Summit?

The speed of detecting increased risk exposures is critical today. After putting various preventive measures in place, the speed of responding to harmful trends or threshold breaches can be a significant differentiator to the success of an organisation in today’s faster moving world.

How can risk managers prioritise and limit metrics to narrow the focus to ‘key’ risks to better capture leading indicators?

Prioritisation of key risks is a joined effort of the various GRC roles including Risk, Compliance, Audit, and IT. A combination of top-down and bottom-up risk analysis for the different functions should result in a prioritised list of key risks. One of the challenges is how to combine the distinct GRC functions into a single organisation risk framework that aligns to important topics such as a common risk language and the strategic objectives of the organization or the business as a means to help with prioritization.

How should financial professionals be utilising KRIs to drive decision making?

Being able to make management decisions requires both a single risk language across GRC functions and a clear cost-benefit analysis for implementing further risk mitigation. Leading KRI’s that detect changes in the risk causes can justify an investment to stay ahead of the game where lagging KRI’s on materialised risk events can justify an investment to change priorities in the short term to respond accurately and in time.

How do you see the role of the operational risk professional changing over the next 6-12 months?

Digitization will continue to be on the forefront of business and its effects on risk management will push risk managers into unchartered territory. The digitization of processes and interfaces is itself a concern, placing an ever increasing momentum on IT to program well and human interpretation and decision making to be classified in code. Digitization will continue to move rapidly into more and more parts of the business. A dynamic risk strategy supported and enabled by risk technology will allow the organization to identify, assess and manage the risk outcome of digitization.

Leave a Reply

Your email address will not be published. Required fields are marked *