├── README.png
├── CITATION.cff
├── examples
    └── four-broad-categories-of-risk-by-deloitte
    │   └── index.md
├── README.md
└── CODE_OF_CONDUCT.md


/README.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/joelparkerhenderson/key-risk-indicator/HEAD/README.png


--------------------------------------------------------------------------------
/CITATION.cff:
--------------------------------------------------------------------------------
 1 | cff-version: 1.2.0
 2 | title: Key Risk Indicator (KRI)
 3 | message: >-
 4 |   If you use this work and you want to cite it,
 5 |   then you can use the metadata from this file.
 6 | type: software
 7 | authors:
 8 |   - given-names: Joel Parker
 9 |     family-names: Henderson
10 |     email: joel@joelparkerhenderson.com
11 |     affiliation: joelparkerhenderson.com
12 |     orcid: 'https://orcid.org/0009-0000-4681-282X'
13 | identifiers:
14 |   - type: url
15 |     value: 'https://github.com/joelparkerhenderson/key-risk-indicator/'
16 |     description: Key Risk Indicator (KRI)
17 | repository-code: 'https://github.com/joelparkerhenderson/key-risk-indicator/'
18 | abstract: >-
19 |   Key Risk Indicator (KRI)
20 | license: See license file
21 | 


--------------------------------------------------------------------------------
/examples/four-broad-categories-of-risk-by-deloitte/index.md:
--------------------------------------------------------------------------------
 1 | # Four broad categories of risk
 2 | 
 3 | Credit: [Key Risk Indicators– by Deloitte](https://www.rims.org/annualconference/riskforum2014/Documents/Key%20Risk%20Indicators.pdf)
 4 | 
 5 | 
 6 | ## Strategic risks
 7 | 
 8 |   * Demand shortfalls
 9 | 
10 |   * Customer problems
11 | 
12 |   * M&A problems
13 | 
14 |   * Pricing pressures
15 | 
16 |   * Competition
17 | 
18 |   * Product/server problems
19 | 
20 |   * Regulation
21 | 
22 |   * R&D
23 | 
24 |   * Management change
25 | 
26 |   * Corporate governance risk
27 | 
28 |   * Miscommunications
29 | 
30 |   * False guidance
31 | 
32 | 
33 | ## Financial risks
34 | 
35 |   * Poor financial planning
36 | 
37 |   * Asset losses
38 | 
39 |   * Goodwill and amortization issues
40 | 
41 |   * Liquidity crises
42 | 
43 |   * High debt
44 | 
45 |   * Interest rates
46 | 
47 | 
48 | ## Operational risks
49 | 
50 |   * Earnings shortfall
51 | 
52 |   * Cost overruns
53 | 
54 |   * Poor operating controls
55 | 
56 |   * Accounting problems
57 | 
58 |   * Capacity problems
59 | 
60 |   * Supply-chain issues
61 | 
62 |   * Employee problems
63 | 
64 |   * Fraud
65 | 
66 |   * Noncompliance
67 | 
68 |   * High input costs
69 | 
70 |   * IT security
71 | 
72 |   * Supplier losses
73 | 
74 | 
75 | ## External risks
76 | 
77 |   * Declining commodity prices
78 | 
79 |   * Rating impacts
80 | 
81 |   * Industry crises
82 | 
83 |   * Legal risks
84 | 
85 |   * Weather losses
86 | 
87 |   * Partner losses
88 | 
89 |   * Political issues
90 | 
91 |   * Terrorism
92 | 
93 |   * Country economic issues
94 | 
95 |   * Foreign economic issues
96 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | <!--
  2 |   * browser: key-risk-indicator
  3 |   * tracker: 8f268ee5fca9566b1fa5688974d305da
  4 |   * version: 1.1.0
  5 |   * updated: 2021-05-19T19:27:51Z
  6 |   * contact: Joel Parker Henderson (http://joelparkerhenderson.com)
  7 |   * options: commentable
  8 | -->
  9 | 
 10 | # Key Risk Indicator (KRI)
 11 | 
 12 | <img src="README.png" alt="Key Risk Indicator" style="width: 100%;"/>
 13 | 
 14 | A key risk indicator (KRI) is a measure used in management to indicate how risky an activity is. This page is summary excerpts from [Wikipedia / Key risk indicator](https://en.wikipedia.org/wiki/Key_risk_indicator).
 15 | 
 16 | 
 17 | Contents:
 18 | 
 19 | * [What is a KRI?](#what-is-a-kri)
 20 | * [What are KRI examples?](#what-are-kri-examples)
 21 | * [What is the best KRI?](#what-is-the-best-kri)
 22 | * [How can a KRI help?](#how-can-a-kri-help)
 23 | * [What makes a good KRI?](#what-makes-a-good-kri)
 24 | * [How to handle KRI?](#how-to-handle-kri)
 25 | * [Links](#links)
 26 | 
 27 | 
 28 | ## What is a KRI?
 29 | 
 30 | 
 31 | A key risk indicator (KRI) is a measure used in management to indicate how risky an activity is. 
 32 | 
 33 | Key risk indicators are metrics used by organizations to provide an early signal of increasing risk exposures in various areas of the enterprise. It differs from a key performance indicator (KPI) in that the latter is meant as a measure of how well something is being done while the former is an indicator of the possibility of future adverse impact. 
 34 | 
 35 | KRI give an early warning to identify potential event that may harm continuity of the activity/project.
 36 | 
 37 | KRIs are a mainstay of operational risk analysis.
 38 | 
 39 | 
 40 | ## What are KRI examples?
 41 | 
 42 | 
 43 | Key risk indicators for finance:
 44 | 
 45 | * letters of intent (LOI) such as unbooked dollar value ($)
 46 | 
 47 | * value at risk (VaR) such as investment dollar value ($)
 48 | 
 49 | Key risk indicators for marketing:
 50 | 
 51 | * customer complaints (CC) such as incident count (#) for previous N days
 52 | 
 53 | * net detractor score (NDS) such as measured per user cohort
 54 | 
 55 | Key risk indicators for operations:
 56 | 
 57 | * unplanned unavailability (UU) such as incident count (#) for previous N days
 58 | 
 59 | * mean time to recovery (MTTR) such as for the previous N incidents
 60 | 
 61 | Key risk indicators for queues, pipelines, funnels, processes, etc:
 62 | 
 63 | * σ: dropout rate
 64 | 
 65 | * ε: error ratio
 66 | 
 67 | 
 68 | ## What is the best KRI?
 69 | 
 70 | Organizations have different sizes and environment. 
 71 | 
 72 | So every enterprise should choose its own KRI, taking into account the following steps:
 73 | 
 74 |   * Consider the different stakeholders of the organization
 75 | 
 76 |   * Make a balanced selection of risk indicators, covering performance indicators, lead indicators and trends
 77 | 
 78 |   * Ensure that the selected indicators drill down to the root cause of the events
 79 | 
 80 |   * Choose high relevant and high probability of predicting important risks: high business impact, easy to measure, high correlation with the risk, and sensitivity.
 81 |  
 82 |   * Determine thresholds and triggers for the set of KRI's
 83 | 
 84 |   * Locate and fold in data sources that contribute or feed data into KRI triggers
 85 | 
 86 |   * Determine notification methods, recipients, and action or response sequences
 87 | 
 88 | 
 89 | ## How can a KRI help?
 90 | 
 91 | The constant measure of KRI can bring the following benefits to the organization:
 92 | 
 93 |   * Provide an early warning: a proactive action can take place
 94 | 
 95 |   * Provide a backward looking view on risk events, so lesson can be learned by the past
 96 | 
 97 |   * Provide an indication that the risk appetite and tolerance are reached
 98 | 
 99 |   * Provide real time actionable intelligence to decision makers and risk managers
100 | 
101 | 
102 | ## What makes a good KRI?
103 | 
104 | Qualities of good key risk indicators:
105 | 
106 |   * Ability to measure the right thing (e.g., supports the decisions that need to be made)
107 | 
108 |   * Quantifiable (e.g., damages in dollars of profit loss)
109 | 
110 |   * Capability to be measured precisely and accurately
111 | 
112 |   * Ability to be validated against ground truth, and confidence level one has in the assertions made within the framework of the metric
113 | 
114 | 
115 | ## How to handle KRI?
116 | 
117 | Management selects a risk response strategy for specific risks identified and analyzed, which may include:
118 | 
119 |   * Avoidance: exiting the activities giving rise to risk
120 | 
121 |   * Reduction: taking action to reduce the likelihood or impact related to the risk
122 | 
123 |   * Alternative Actions: deciding and considering other feasible steps to minimize risks
124 | 
125 |   * Share or Insure: transferring or sharing a portion of the risk, to finance it
126 | 
127 |   * Accept: no action is taken, due to a cost/benefit decision
128 | 
129 | Monitoring is typically performed by management as part of its internal control activities, such as review of analytical reports or management committee meetings with relevant experts, to understand how the risk response strategy is working and whether the objectives are being achieved.
130 | 
131 | 
132 | ## Links
133 | 
134 | Wikipedia:
135 | 
136 |   * [Key risk indicator](https://wikipedia.org/wiki/Key_risk_indicator)
137 | 
138 |   * [Risk management](https://wikipedia.org/wiki/Risk_management)
139 | 
140 |   * [Enterprise risk management](https://wikipedia.org/wiki/Enterprise_risk_management)
141 | 


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
  1 | 
  2 | # Contributor Covenant Code of Conduct
  3 | 
  4 | ## Our Pledge
  5 | 
  6 | We as members, contributors, and leaders pledge to make participation in our
  7 | community a harassment-free experience for everyone, regardless of age, body
  8 | size, visible or invisible disability, ethnicity, sex characteristics, gender
  9 | identity and expression, level of experience, education, socio-economic status,
 10 | nationality, personal appearance, race, caste, color, religion, or sexual
 11 | identity and orientation.
 12 | 
 13 | We pledge to act and interact in ways that contribute to an open, welcoming,
 14 | diverse, inclusive, and healthy community.
 15 | 
 16 | ## Our Standards
 17 | 
 18 | Examples of behavior that contributes to a positive environment for our
 19 | community include:
 20 | 
 21 | * Demonstrating empathy and kindness toward other people
 22 | * Being respectful of differing opinions, viewpoints, and experiences
 23 | * Giving and gracefully accepting constructive feedback
 24 | * Accepting responsibility and apologizing to those affected by our mistakes,
 25 |   and learning from the experience
 26 | * Focusing on what is best not just for us as individuals, but for the overall
 27 |   community
 28 | 
 29 | Examples of unacceptable behavior include:
 30 | 
 31 | * The use of sexualized language or imagery, and sexual attention or advances of
 32 |   any kind
 33 | * Trolling, insulting or derogatory comments, and personal or political attacks
 34 | * Public or private harassment
 35 | * Publishing others' private information, such as a physical or email address,
 36 |   without their explicit permission
 37 | * Other conduct which could reasonably be considered inappropriate in a
 38 |   professional setting
 39 | 
 40 | ## Enforcement Responsibilities
 41 | 
 42 | Community leaders are responsible for clarifying and enforcing our standards of
 43 | acceptable behavior and will take appropriate and fair corrective action in
 44 | response to any behavior that they deem inappropriate, threatening, offensive,
 45 | or harmful.
 46 | 
 47 | Community leaders have the right and responsibility to remove, edit, or reject
 48 | comments, commits, code, wiki edits, issues, and other contributions that are
 49 | not aligned to this Code of Conduct, and will communicate reasons for moderation
 50 | decisions when appropriate.
 51 | 
 52 | ## Scope
 53 | 
 54 | This Code of Conduct applies within all community spaces, and also applies when
 55 | an individual is officially representing the community in public spaces.
 56 | Examples of representing our community include using an official e-mail address,
 57 | posting via an official social media account, or acting as an appointed
 58 | representative at an online or offline event.
 59 | 
 60 | ## Enforcement
 61 | 
 62 | Instances of abusive, harassing, or otherwise unacceptable behavior may be
 63 | reported to the community leaders responsible for enforcement at
 64 | [INSERT CONTACT METHOD].
 65 | All complaints will be reviewed and investigated promptly and fairly.
 66 | 
 67 | All community leaders are obligated to respect the privacy and security of the
 68 | reporter of any incident.
 69 | 
 70 | ## Enforcement Guidelines
 71 | 
 72 | Community leaders will follow these Community Impact Guidelines in determining
 73 | the consequences for any action they deem in violation of this Code of Conduct:
 74 | 
 75 | ### 1. Correction
 76 | 
 77 | **Community Impact**: Use of inappropriate language or other behavior deemed
 78 | unprofessional or unwelcome in the community.
 79 | 
 80 | **Consequence**: A private, written warning from community leaders, providing
 81 | clarity around the nature of the violation and an explanation of why the
 82 | behavior was inappropriate. A public apology may be requested.
 83 | 
 84 | ### 2. Warning
 85 | 
 86 | **Community Impact**: A violation through a single incident or series of
 87 | actions.
 88 | 
 89 | **Consequence**: A warning with consequences for continued behavior. No
 90 | interaction with the people involved, including unsolicited interaction with
 91 | those enforcing the Code of Conduct, for a specified period of time. This
 92 | includes avoiding interactions in community spaces as well as external channels
 93 | like social media. Violating these terms may lead to a temporary or permanent
 94 | ban.
 95 | 
 96 | ### 3. Temporary Ban
 97 | 
 98 | **Community Impact**: A serious violation of community standards, including
 99 | sustained inappropriate behavior.
100 | 
101 | **Consequence**: A temporary ban from any sort of interaction or public
102 | communication with the community for a specified period of time. No public or
103 | private interaction with the people involved, including unsolicited interaction
104 | with those enforcing the Code of Conduct, is allowed during this period.
105 | Violating these terms may lead to a permanent ban.
106 | 
107 | ### 4. Permanent Ban
108 | 
109 | **Community Impact**: Demonstrating a pattern of violation of community
110 | standards, including sustained inappropriate behavior, harassment of an
111 | individual, or aggression toward or disparagement of classes of individuals.
112 | 
113 | **Consequence**: A permanent ban from any sort of public interaction within the
114 | community.
115 | 
116 | ## Attribution
117 | 
118 | This Code of Conduct is adapted from the [Contributor Covenant][homepage],
119 | version 2.1, available at
120 | [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
121 | 
122 | Community Impact Guidelines were inspired by
123 | [Mozilla's code of conduct enforcement ladder][Mozilla CoC].
124 | 
125 | For answers to common questions about this code of conduct, see the FAQ at
126 | [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
127 | [https://www.contributor-covenant.org/translations][translations].
128 | 
129 | [homepage]: https://www.contributor-covenant.org
130 | [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
131 | [Mozilla CoC]: https://github.com/mozilla/diversity
132 | [FAQ]: https://www.contributor-covenant.org/faq
133 | [translations]: https://www.contributor-covenant.org/translations
134 | 
135 | 


--------------------------------------------------------------------------------