Metrics & KPIsRisk IT Establish & Maintain Risk View
12 KPIs
% of IT risk management framework covered by defined methods
% of IT risk management structures and activities set up vs planned
% of staff trained in critical risk management techniques
Degree of completeness of IT risk management framework
Degree of reduction of enterprise risk using strategic use of IT
Extent of risk management communications and training targeting
Level of executive participation in enterprise-wide IT risk assessments
Number of aligned policies with intended audience adherence
Number of IT-related events with business impact with failure to escalate
Number of out-of-cycle enterprise-wide IT risk assessments
Number of policies in force with statements contradicting related risk tolerance
Number of risk issues that exceed risk tolerance