Satarla Associate, Dr. Graeme Keith, formed part of the expert panel discussing Practical Strategies for Developing Your Risk Metrics, where recent case studies are used to provide insight into how organisations, departments and their teams can identify, develop and maintain appropriate risk metrics..
This webinar was delivered in partnership with RIMS (Risk and Insurance Management Society), and risk management software company, Resolver. The full one-hour webinar and slides from the presentation are available to view here.
Summary
Identify - assessing the current and target state for your metrics are essential activities; a risk maturity study can help you achieve this. Any metric developed has to be well understood in terms of the outcomes you want them to drive, otherwise they can drive perverse behaviors. Organisations need a strategic overview in place before they can decide what needs to be measured to monitor their risks.
Develop a program for your metrics - this stage helps organisations understand what outcomes you can change, and the internal levers you can pull on to influence this. Using causal mapping helps organisations identify such objectives and levers that can drive change, for example targeting policies, rather than reporting on the easily available data that may influence perverse behaviours. Causal mapping therefore helps organisations decide which leading and lagging indicators will be effective metrics.
Maintain - continue to develop your metrics so they stay relevant to your risk management. Create transparency and a common language around appropriately managing your risks, so that you measure and focus on building metrics that can be reported on easily. A quantitative approach can be beneficial because it introduces rigour and understanding around the logic behind what your are trying to achieve and how you achieve it. Understanding your emerging risks allows you to identify where the vulnerabilities in your organisation by viewing your risks as a network of nodes that interrelate; in reality, what often knocks organisations off-course is the knock-on effect of one risk materialising and driving change. For example, large external drivers such as COVID-19 and Brexit are interconnected so affect all risks, either directly or through knock-on effects. The key to getting this exercise right is to quantify the things you can pragmatically. Final message: organisations must understand their own causal relationships by first having a strategic discussion on how risks relate to each other.
Abstract
Determining the right metrics for tracking the effectiveness of your risk management program can be a daunting task. The biggest challenge for teams is ensuring that they identify the metrics that actually matter to their business. Without the correct metrics, teams waste precious time and resources tracking something that actually provides little to no insight into the status of their program.
As we approach the end of the year, now is the perfect time to reflect, reset and ensure that your team is set up and ready for the new year ahead. Following this panel discussion, walk away with practical strategies to:
Identify the correct metrics to help you track the efficiency of your team’s risk program
Develop KRIs, KPIs and controls
Leverage those metrics to gain visibility into the effectiveness of your controls
Apply actionable case study examples from industry-leading risk teams.