Acrónimo: KRI
Un indicador
de riesgos clave (KRI) es una métrica para determinar qué tan posible es que la
probabilidad de un evento, combinada con sus consecuencias, supere el apetito
de riesgo de la organización (es decir, el nivel de riesgo que la compañía está
preparada para aceptar), y tenga un impacto profundamente negativo en la
capacidad de tener éxito de una organización.
Si una organización se especializa en ventas al por menor, por ejemplo, un
indicador de riesgo clave podría ser el número de quejas de los clientes,
porque el aumento de este KRI podría ser una indicación temprana de que hay que
resolver un problema operativo.
El desafío
para una organización no es solo identificar cuáles indicadores de riesgo deben
ser identificados como claves (los más importantes), sino también comunicar esa
información de tal manera que todo el mundo en la organización entienda
claramente su significado.
Identificar indicadores de riesgos clave requiere la comprensión de las metas
de la organización.
Cada KRI
debería ser capaz de ser medido con precisión y reflejar de manera precisa el
impacto negativo que tendría sobre los indicadores de desempeño clave de la
organización (KPI). Los indicadores de rendimiento clave, que a menudo se
confunden con los indicadores de riesgos clave, son las métricas que ayudan a
una organización a evaluar el progreso hacia los objetivos declarados.
http://searchdatacenter.techtarget.com/es/
A subset of risk indicators
that are highly relevant and possess a high probability of predicting or
indicating important risk
ISACA,
Cybersecurity Glossary, 2014
An enterprise may develop an
extensive set of metrics to serve as risk indicators; however, it is not
possible or feasible to maintain that full set of metrics as key risk
indicators (KRIs). KRIs are differentiated as being highly relevant and
possessing a high probability of predicting or indicating important risk.
The Risk IT Practitioner
Guide. November 2009.
A key risk indicator (KRI)
is a metric for measuring the likelihood that the combined probability of an
event and its consequence will exceed the organization's risk appetite and have
a profoundly negative impact on an organization's ability to be
successful.
If an organization
specializes in retail sales, for example, a key risk indicator might be the
number of customer complaints because increase in this KRI could be an early
indication that an operational problem needs to be addressed. The challenge for
an organization is not only to identify which risk indicators should be
identified as being key (most important) but also to communicate that
information in such a way that everyone in the organization clearly understands
its significance.
Identifying key risk
indicators requires an understanding of the organization's goals. Each KRI
should be able to be measured and accurately reflect the negative impact it
would have on the organization's key performance indicators (KPIs). Key
performance indicators, which are often confused with key risk indicators, are
metrics that help an organization assess progress towards declared goals.
http://searchcio.techtarget.com/
A Key Risk Indicator, also
known as a KRI, is a measure used in management to indicate how risky an
activity is. It differs from a Key Performance Indicator (KPI) in that the latter is meant as a measure
of how well something is being done while the former is an indicator of the
possibility of future adverse impact. KRI give us an early warning to identify
potential event that may harm continuity of the activity/project.