Risk Management
68 KPIs
% of controls directly related to maintaining defined risk tolerance
[None]Login to view formula
% of core ERM activities that consider IT risk
[None]Login to view formula
% of core ERM activities with embedded IT risk considerations
MaximizeLogin to view formula
% of critical business services not covered by risk analysis
MinimizeLogin to view formula
% of employees whose performance metrics and rewards reflect risk management objectives
[None]Login to view formula
% of escalated risk vulnerabilities
MinimizeLogin to view formula
% of highly ranked assets, targets and resources reviewed
MaximizeLogin to view formula
% of neglected risk vulnerabilities
MinimizeLogin to view formula
% of overdue risk vulnerabilities
MinimizeLogin to view formula
% of parallel risk assessments with same results
MaximizeLogin to view formula
% of re-opened risk vulnerabilities
MinimizeLogin to view formula
% of risk analyses performed by trained risk analysts
MaximizeLogin to view formula
% of risk analyses that are substantiated by later experience or testing
[None]Login to view formula
% of risk analysis reports accepted on initial delivery
[None]Login to view formula
% of risk analysis undergoing peer review
MaximizeLogin to view formula
% of risk incident response plans past their next required review date
MinimizeLogin to view formula
% of risk incident response plans with one or more open issues
MinimizeLogin to view formula
% of risk incidents with business impact not subject to post-mortem review
MinimizeLogin to view formula
% of risk issues exceeding defined risk tolerance without action plans
MinimizeLogin to view formula
% of risk issues inappropriately distributed in the organisational hierarchy
MinimizeLogin to view formula
% of risk management expenditures with traceability to business risk strategy
MaximizeLogin to view formula
% of risk mitigation plans executed on time
MaximizeLogin to view formula
% of risk vulnerabilities handled first time correctly
MaximizeLogin to view formula
% of risk vulnerabilities worked on
[None]Login to view formula
% of risks with probable frequency of occurrence and probable magnitude of impact measured
MaximizeLogin to view formula
% of staff trained in critical risk management techniques
[None]Login to view formula
% of unaccepted risk issues with action plan developed
[None]Login to view formula
% of unaccepted risk issues without mitigation plans developed
MinimizeLogin to view formula
% of unassessed risks
MinimizeLogin to view formula
Accuracy of risk assessments
[None]Login to view formula
Amount of investment spent on cancelled risk mitigation efforts
MinimizeLogin to view formula
Average closure duration of risk vulnerabilities
MinimizeLogin to view formula
Average number of days open of risk vulnerabilities
MinimizeLogin to view formula
Average overdue time of risk vulnerabilities
MinimizeLogin to view formula
Backlog of risk vulnerabilities
MinimizeLogin to view formula
Closure duration rate of risk vulnerabilities
MinimizeLogin to view formula
Consistency of risk assessment
[None]Login to view formula
Cumulative business impact from events not identified by risk evaluation processes
[None]Login to view formula
Cycle time from discovery of a control deficiency to risk acceptance decision
MinimizeLogin to view formula
Cycle time from reported policy exceptions to decision on their disposition
MinimizeLogin to view formula
Extent of overlap of risk management activities
[None]Login to view formula
Extent to which budgets are allocated based on risk significance
MaximizeLogin to view formula
Frequency of risk management activity reporting
[None]Login to view formula
Number of different issue functions and platforms
MinimizeLogin to view formula
Number of different risk reports provided to the board
MinimizeLogin to view formula
Number of key management decisions without availability of relevant risk analysis report
MinimizeLogin to view formula
Number of open positions in the risk management staff
MinimizeLogin to view formula
Number of policies in force with statements contradicting related risk tolerance
MinimizeLogin to view formula
Number of prioritised risk response activities
[None]Login to view formula
Number of Risk Event
MinimizeLogin to view formula
12
Metrics & KPIs