The concept of Key Performance Indicators is well established at the corporate level, using scorecards as a tool for a quick overview on the progress of organizations. Key Risk Indicators add risk metrics to that view, relating the progress of indicators to changes in risks. In a recent report, Kuppinger Cole provided 25 selected Key Risk Indicators (KRI) for the area of IAM and GRC. These indicators are easy to measure and provide a quick overview of the risk status and its changes for organizations. The indicators can be combined in a risk scorecard which then can be continuously used in IT management and corporate management. Kuppinger Cole strongly recommends using KRI concepts as tool within IT and specifically IAM and GRC. Many KRIs are easy to use and provide quick results. Thus, risks can become a key control for IT, providing insight in risks and support decisions on IT investments.
