Metrics & KPIsRisk IT Integrate with ERM
17 KPIs
% of business projects that consider IT risk
% of core ERM activities that consider IT risk
% of core ERM activities with embedded IT risk considerations
% of employees whose performance metrics and rewards reflect risk management objectives
% of IT risk expenditures with traceability to business risk strategy
% of IT risk management action plans approved for implementation
% of IT risk practices adapted to ERM organisational expectations
Extent of alignment between organizational and IT risk management objectives
Extent of ERM integration of reporting on IT risk
Extent of overlap of risk management activities
Extent to which budgets are allocated based on risk significance
Frequency of IT risk as an agenda item for the executive committee
Number of different issue functions and platforms
Number of different risk reports provided to the board
Number of open positions in the risk management staff
Penetration % of executive training on IT risk management
RACI alignment score