Key Risk Indicators

Key Risk Indicator (KRI) is a

metric to measure risk

IT KRIs serve as 'early warning indicators' for any changes in risk exposures related to IT assets.

KRIs have many similarities with Key Performance Indicators (KPIs).

figure 1: KPIs and KRIs

KPIs	KRIs
Measure business performance	Measure potential business risks
They are linked to Business Objectives	They are linked to Business Risks
KPIs are measurable	KRIs are also measurable
KPIs can be categorized into financial, customer, process or learning and growth e.g. using Balanced Scorecard model	KRIs can also be categorized on similar lines e.g. Financial, Operational and People

Examples of IT KRIs:

1. Mean Service Request Resolution Time - Average end -to-end time to resolve a service ticket

2. System Availability % - actual available time / scheduled available time

3. Downtime due to scheduled activity % - budgeted downtime / actual downtime

4. Systems without current maintenance contract % - systems without maintenance contract / total systems

5. Critical system not current % - number of critical systems without up to date patches / number of critical systems

6. Project delayed % - number of projects delayed / total number of projects