Once risk management roles and responsibilities have been documented in job descriptions and committee charters, appropriate and measurable KPIs should be developed. Just like anything else, risk management KPIs need to be integrated into the overall performance management system.
Risk management is everyone’s responsibility. Yet our research shows that managing risks does not come naturally to people; it may even be against human nature. Without proper motivation, or with inadequate motivation, employees are often reluctant to fulfil their risk management duties. This message was reinforced during our interviews. Companies that have implemented and monitored risk management KPIs for key employees have demonstrated significantly higher risk management culture maturity.
KPIs should be specific to each role within the overall risk governance model.
For example, KPIs for the CEO may include:
- an improvement in the risk management culture rating;
- regularity and quality of risk disclosure to shareholders;
- achieving risk-adjusted profitability measures.
For the CFO or COO, risk management KPIs may include:
- improvement in risk management culture maturity;
- RAROC (risk-adjusted return on capital);
- the number of critical operational events and so on.
For employees, a risk management KPI may include timely and accurate risk analysis during core business processes or significant decisions.
USE THE CHECKLIST PROVIDED BELOW TO TURN THIS SECTION INTO ACTIONS
- ☐ Review existing remuneration policy and individual performance KPIs for key decision makers
- ☐ Develop a set of KPIs for executives, risk managers, business unit heads and employees in high-risk activities
- ☐ Together with HR and internal audit, develop measurement / audit criteria for each KPI
- ☐ Pilot test on one business unit before a full roll-out
USEFUL VIDEOS
- Key performance indicators for risk managers – Alex Sidorenko from RISK-ACADEMY talks about various key performance indicators for risk managers (https://www.youtube.com/watch?v=4N3_eyaljbE)
- Omission bias: Alex Sidorenko talks about significant cognitive biases that affect how people in the workplace make decisions (https://www.youtube.com/watch?v=kh-bWQcF2RQ)
- Normalcy bias: Alex Sidorenko talks about significant cognitive biases that affect how people in the workplace make decisions (https://www.youtube.com/watch?v=rIU4JGZjfxU)
- Neglect of probability bias: Alex Sidorenko talks about significant cognitive biases that affect how people in the workplace make decisions (https://www.youtube.com/watch?v=xhZ8HID4An4)
- Professional deformation bias: Alex Sidorenko talks about significant cognitive biases that affect how people in the workplace make decisions (https://www.youtube.com/watch?v=WfsP4stQtiU)
- Semmelweis bias: Alex Sidorenko talks about significant cognitive biases that affect how people in the workplace make decisions (https://www.youtube.com/watch?v=kDbPMd4efOc)
- Confirmation bias: Alex Sidorenko talks about significant cognitive biases that affect how people in the workplace make decisions (https://www.youtube.com/watch?v=P3GfC2mOgZI)
- Framing bias: Alex Sidorenko talks about significant cognitive biases that affect how people in the workplace make decisions (https://www.youtube.com/watch?v=bx3Or_cHHo8)