The Risk Management Association defines operational risk as “the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events.” Examples of operational risk include natural and man-made disasters, cyber-attacks, errors, fraud, and regulatory or contractual non-compliance.
The use of key indicators of performance, risk, and control are considered one of several best practices of a sound Operational Risk Management program. In many risk management programs, the use of key indicators is implemented sporadically at the discretion of individual business units and division managers. Key indicator metrics may not be properly designed to accurately measure the intended activity, and the collection of indicator data may be accomplished in an unnecessarily costly and inefficient manner using spreadsheets and email. With missing or inefficient key indicator reporting, the organization is unable to accurately gauge or compare performance in terms of meeting strategic and operational goals, or understand drivers of risk and control. It also limits the organization’s ability to respond to emerging problems as quickly as possible.
RSA Archer Key Indicator Management provides a means for organizations to establish and monitor metrics related to each business unit and activity within the organization. Key indicators are also typically associated with other elements of your governance program, including risks, controls, strategies and objectives, products and services, and business processes to monitor quality assurance and performance.
Key features include:
- Holistic key indicator management program
- Association of key indicators with business units and named individuals, and establishment of key indicators of performance, risk, control, corporate objectives, business processes, and products and services, depending on your program implementation
- Utilization of key indicator libraries to ensure consistency and quick deployment throughout the organization
- Governance to ensure timely collection of indicator data
- Stakeholder notification when indicators exceed acceptable boundaries
- Consistent approach to calculating indicator boundaries and limits
- Consolidated list of indicators that are operating outside boundaries, and associated stakeholder escalation and remediation plans
- Accountability and management processes around remediation plans and action to bring key indicators back within acceptable boundaries
- Visibility to key risk indicator metrics and remediation plans via predefined reports, dashboards, workflow, and communication channels.
Today, organizations are faced with complex and fast moving operational risk challenges. To effectively manage risk, it’s not enough to know your organization’s strategies, objectives, risks and controls. You need a way to understand if your strategies and objectives are being met; if your risk drivers are increasing or decreasing; and whether your controls are operating as designed or are under stress leading to failure. Tracking your key indicators, the Performance, Risk, and Control indicators associated with each of these elements is crucial in successful organizations today. In addition, indicators associated with changing business activities are a good early warning of changing risk and performance profile.
RSA Archer Key Indicator Management is an essential element of an effective Operational and Integrated Risk Management program to understand the organization’s risk and performance profile and operation of the existing internal control framework. Stressing the agility and flexibility needed by today’s modern organizations, integrated risk management brings together the various domains of risk across business activities (horizontally), connecting the activities to the strategies and objectives of the organization on an aggregated basis (vertically), including these key indicators. This approach to risk management provides leaders with the most holistic understanding of risk facing their organization so they can make truly informed decisions, as quickly as possible, about where to deploy limited capital and human resources to produce optimized returns for the organization while maximizing the likelihood of achieving the organization’s objectives.
As your organization drives business growth, your risk management program must evolve and manage risk more holistically, with more agility and integration than before. Effectively deploying and utilizing Key Indicator management is one ingredient to demonstrating real progress and improvement in decreasing business risk. RSA Archer can help your organization better understand and manage key indicators on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.