The concept of Key Performance Indicators is well established at the corporate level, using scorecards as a tool for providing a quick overview of the progress of organizations towards their goals. Key Risk Indicators add risk metrics to that view, relating the progress of indicators to changes in risks.
The report provides selected Key Risk Indicators (KRI) for the area of IAM and GRC. These indicators are easy to measure and provide a quick overview of the risk status and its changes for organizations. The indicators can be combined into a risk scorecard which then can be continuously used in IT management and corporate management.
Kuppinger Cole strongly recommends using KRI concepts as a management tool within IT and specifically for IAM and GRC. Many KRIs are easy to use and their adoption can provide quick results. Using these, risks can become a key control for IT, providing insight into risks and support for decisions on IT investments.