Tip of the Month: Bringing Risk Management to Life with Key Indicators

Did You Know?

BarnOwl enables you to define key indicators (KIs) with targets & thresholds at every level of your organisation. BarnOwl provides all KI owners with access to the BarnOwl portal (intranet) to view and capture their KI values (unlimited free license).

KIs can be defined and linked to:

• Objectives (Key Performance Indicators (KPIs)),
• Risks (Key Risk Indicators (KRIs)
• Controls (Key Control Indicators (KCIs)

KI values can be captured manually by KI owners, or alternatively, can be updated automatically by 3rd party data analytics tools configured to test operational data / transactions and update BarnOwl KI values based on exceptions. BarnOwl integrated with data analytics provides real-time, continuous risk monitoring.

When a KI threshold is breached, BarnOwl automatically triggers a re-assessment of the linked Object (Objective, Risk or Control). Re-assessments act as an early warning system enabling proactive and timely management of risk.

Six (6) simple steps to get the most out of BarnOwl Key Indicators

In the following example, we have created a risk called ‘Availability of critical system A’ with a monthly KRI called ‘System uptime’. The KRI is configured with the following thresholds:

• 95% to 100% = Green,
• 85% to 94% = Yellow,
• 0% to 84% = Red

The KRI is further configured to trigger a re-assessment of the risk when the KRI value is <85% (i.e. goes into the red)

The following is a step-by-step process for using BarnOwl KIs:

Step 1: Once-off configuration of Financial Periods (Administrator)

Step 2: Create and configure a Key Indicator (Administrator)

Step 3: Capture Key Indicator values based on the KI frequency (KI Owner)

Step 4: Risk re-assessment (Risk Owner)

Step 5: Key Indicator monitoring and reporting (Management / Risk Officer)

Step 6: Close a Key Indicator period (Administrator)

Step 1: Once-off configuration of Financial Periods (Administrator)

BarnOwl KIs are configured based on the Client’s financial period:

• Financial Year: This enables financial years (e.g 2025, 2024, 2023) to be configured with start and end dates. For example, this allows financial years to be configured with a start date of 1st April 2024 and a year-end date 31st March 2025.
• Financial Period Type: This enables different types of financial periods (e.g. annually, quarterly, monthly, weekly and daily) to be configured with start and end dates.

Step 2 – Create and configure a Key Indicator (Administrator)

Step 2.1 – Create (or search the library) a new KRI linked to a risk

FIG2.1a: Create (or search) a new KRI called ‘System uptime’ linked to the risk ‘Availability of critical system A’

FIG2.1b: Create a new KRI called ‘System uptime’ linked to the risk ‘Availability of critical system A’

• Measure Name:free text ‘% uptime’
• Unit of Measure: Number (#), Percentage (%), Yes or No (y/n)
• Financial Period Type: configurable periods such as ‘Annual’, ‘Quarterly’, ‘Monthly’, ‘Weekly’, ‘Daily’
• Input Value Calculation Type: ‘Most Recent’, ‘Average’, ‘Cumulative Total’. In this example we have selected a ‘Monthly’ Financial Period Type. ‘Most Recent’ means that the most recent KI value captured during the current month will be used as the final KI value. ‘Average’ means that if I captured 30 KI values over the month (i.e. one per day), the system will use the average of the 30 KI values as the final KI value. ‘Cumulative Total’ means that every month the KI values would accumulate and thresholds would be configured based on accumulated year to date KI values.
• Frequency:configurable periods such as ‘Annual’, ‘Quarterly’, ‘Monthly’, ‘Weekly’, ‘Daily’
• Inverted Thresholds: Select ‘Ascending’ if the KI thresholds are ascending from green to red or select ‘Descending’ if the KI thresholds are descending from green to red. For example; system uptime is descending because thresholds are descending from green >=95%, yellow (>=85% and <95%) and red <85%. If you were measuring a ‘loss ratio’ for example, the KI value would be ascending because thresholds are ascending from green <=60%, yellow (>60 and <=80) and red >80%.
• Category: the KI category used for reporting purposes
• Subcategory: the KI sub category used for reporting purposes.
• Analytics KI: Is checked to indicate that this KI is integrated with a 3rd party data analytics tool.
• Analytics Test ID: A reference to the Analytics Test ID in the 3rd party data analytics tool.

Step 2.2 – Configure KI thresholds per business unit

FIG2.2a: Configure the KI thresholds for ‘System uptime’ in business unit ‘IT’

Right click on a threshold value to ‘copy down’ or ‘copy up’

In the above example:

• A system uptime of between 95% and 100% is Green
• A system uptime of between 85% and 94% is Yellow
• A system uptime of between 0% and 84% is Red

Thresholds are configured by business unit and by frequency (e.g. month).

FIG2.2b: Configure the re-assessment triggers

In the example above, if a KRI value of less than 85% is captured (and finalised), the system will automatically trigger a re-assessment of the risk, warning the risk owner that the risk ‘Availability of critical system A’ needs to be reviewed / re-assessed.

Step 2.3 – Assign an Owner to the KI

FIG2.3a: Assign an Owner to this KI in the specific business unit

Step 3 – Capture Key Indicator values based on KI frequency (KI Owner)

Step 3.1 – View ‘My Key Indicators’ for the financial period

The KI owner can login to the BarnOwl portal at any time to view and capture values against his / her KIs for the particular financial period. In the following example, the KI owner captures the ‘System uptime’ for the relevant month:

FIG3.1a: The Home page shows a list of the My KIs which require finalisation for the financial period

FIG3.1.b ‘My Key Indicators’ register shows a list of the My KIs which require finalisation for the financial period

Only non-finalised KIs are displayed in this register. The red exclamation mark shows overdue KIs which have not been captured and finalised for a past financial period.

FIG3.1.c The ‘Key Indicator Period Values’ register shows a list of the My KIs which have not been captured and/or finalised for the period as well as provide an option for bulk finalisation

The ‘Key Indicator Period Values’ register allows the KI Owner to see all KI values captured per KI financial period including an option to perform bulk finalisation. Finalising a KI value will trigger a re-assessment of the linked Object (in this case the risk ‘Availability of critical system A’) as per the trigger rules specified in FIG2.2b.

Step 3.2 – Capture KI values

FIG3.2a: The KI Owner clicks on the ‘Capture Input Value’ button to capture a KI value for the relevant financial period

FIG3.2b: The KI Owner captures the KRI value for ‘System uptime’ for the relevant financial period

In this example, the KI Owner captures 80% for the financial period from measure Start Date 01/04/2024 to Measure End Date 30/04/2024.
Evidence can also be attached in the Documents tab. If BarnOwl is configured for integrated data analytics, an Excel file of exceptions is automatically attached (embedded) as evidence by the 3rd party data analytics tool.
In cases where the KI is configured for integrated data analytics, the following fields are updated automatically by the 3rd party data analytics tool:

• Total Count: total count of sample records
• Total Value: total Rand value of samples
• Exception Count: total count of exceptions (number of records)
• Exception Value: total Rand value of exceptions

The above fields can however also be captured manually if required.

FIG3.2c: Additional ‘custom’ fields can be configured for KI values

For example, a ‘Reason for the KI input value’ can be captured especially in cases where targets are not being met.

FIG3.2d: The KI Owner can modify or enter new KI values for the financial period.

The system will use the latest value captured since the ‘Input Value Calculation Type’ is set to ‘Most Recent’. KI values can only be captured for financial periods which are open. Please see step 6 for more info.

FIG3.2e: The KI Owner finalises his/her KI values for the financial period.

Once the KI Owner is complete with capturing the KI value for the financial period in question, he / she ticks the ‘Input complete for this period’ to finalise the KI values for this period.

The KI Owner can modify or capture KI values and then tick the ‘Input complete for this period’ to finalise the KI value. The KI Owner can tick or untick this indicator provided the financial period is open. Should the KI Owner wish to make any changes to KI values once the financial period is closed (see step 6), the KI Owner will need to request the Administrator to re-open the period. Please see step 6. Closing off financial periods, prevents KI values from being modified retrogressively by KI Owners.

Step 4 – Risk re-assessment (Risk Owner)

Step 4.1 – Risk re-assessment (Risk Owner)

FIG4.1a: Re-assessment triggers

An email notification as well as a red exclamation mark on the risk register, warns the Risk Owner (including email notification/s) that the risk ‘Availability of critical system A’, needs to be reviewed. The Risk Owner decides whether to re-rate the risk based on the changing values of the linked Object/s (in this example the linked KI object ‘System uptime’). Risk re-assessments are triggered by rating changes to linked Controls, Child Risks as well as KRI threshold breaches.

FIG4.1b: Re-assess the rating of the risk

The re-assessment pane shows which Objects (in this case the KRI ‘System uptime’) have changed (previous value and current value) assisting the Risk Owner to make an informed decision when re-assessing the risk (i.e. whether to re-rate the residual rating of the risk or not).

FIG4.1c: Re-rate the residual likelihood of the risk

In this example, the risk Owner decides to change the Residual likelihood rating from a rating of 1.00 to 2.00

and then turns off the re-assessment flag by unticking theThe system will automatically tick this re-assessment flag again when any linked Objects change again over time. The risk Owner is kept appraised on a continuous basis of a changing environment.

FIG4.1d: View the risk history (audit trail) showing the re-rating of the residual likelihood from 1.00 to 2.00

Step 5 – Key Indicator monitoring and reporting (Management / Risk Officer)

Step 5.1 – Generate Key Indicator reports

All Register reports export what is configured on the register (i.e. visible fields).

Step 5.2 – Power BI Key Indicator dashboards

BarnOwl provides extensive interactive Power BI dashboards with slicers (filters) and full drill down / drill up capability as well the ability to export all sheets (in their current view) into PDF format.

Step 6 – Close a Key Indicator period (Administrator)

Step 6.1 – Close a Key Indicator period

FIG6.1a: Close a KI period

The Administrator can open or close a financial period by checking / unchecking the ‘Open for KI’ check box. Unchecking the ‘Open for KI’ will prevent any KIs (across the entire system) from being captured or changed for that financial period. A KI Owner would need to request the Administrator to re-open a financial period if the KI Owner needed to capture or make a change to a KI value in a previously closed financial period.

Conclusion

Key Indicators, provide a strategic early warning system driving preventative and predictive capability, with real time insights, facilitating effective business decision making and business improvement.

Useful links

https://barnowl.co.za/knowledge-base/spotlight/spotlight-session-insight-version-11-2-with-new-interface-for-rcsas-surveys-questionnaires-and-kis/

https://barnowl.co.za/knowledge-base/tip-of-the-month/barnowl-arbutus-bringing-grc-to-life-with-integrated-data-analytics-and-continuous-monitoring/

http://api.barnowl.co.za/wp-content/uploads/2023/01/Arbutus-integration-Data-Sheetv2-min.pdf

About BarnOwl

BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 150 blue-chip organisations. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.

Please see www.barnowl.co.za for more information.

Additional information on Key Indicators

Key indicators vary depending on the nature of the organisation, its industry, and the specific risks it faces. Some common types of key indicators in risk management include:

1. **Financial Indicators**: These include metrics related to financial health, such as revenue, profitability, cash flow, debt levels, and liquidity. Sudden changes or trends in these indicators can signal potential financial risks.
2. **Operational Indicators**: These indicators focus on operational processes and performance. Examples include production efficiency, quality control metrics, supply chain disruptions, and employee productivity. Deviations from normal operating parameters may indicate operational risks.
3. **Compliance and Regulatory Indicators**: These indicators track compliance with laws, regulations, and industry standards. Non-compliance can lead to legal penalties, reputational damage, and operational disruptions. Monitoring changes in regulations and compliance metrics is essential.
4. **Market Indicators**: Market-related indicators include factors such as market volatility, interest rates, exchange rates, and commodity prices. These indicators help assess risks related to market fluctuations, competitive pressures, and external economic conditions.
5. **Reputational Indicators**: Reputation is a valuable asset for organizations. Indicators such as customer satisfaction scores, brand sentiment analysis, media coverage, and social media mentions can provide insights into potential reputational risks.
6. **Cybersecurity Indicators**: With the increasing threat of cyber attacks, monitoring cybersecurity indicators is critical. These may include metrics related to network traffic, malware detection, system vulnerabilities, and incident response times.
7. **Risk Appetite and Tolerance Indicators**: These indicators reflect the organization’s willingness and capacity to take on risk. They help align risk-taking activities with strategic objectives and ensure that risks are within acceptable limits.
8. **Key Performance Indicators (KPIs)**: KPIs are specific metrics tied to organizational goals and objectives. Monitoring KPIs allows organizations to assess performance and identify areas where risks may impact the achievement of strategic objectives.
9. **Early Warning Indicators**: These indicators are designed to identify emerging risks before they escalate into significant issues. They often involve leading indicators that provide advance notice of potential problems, enabling proactive risk management.
10. **Environmental, Social, and Governance (ESG) Indicators**: ESG factors are increasingly important in risk management, reflecting environmental, social, and governance considerations. Indicators related to sustainability practices, social responsibility, and ethical governance help assess non-financial risks and opportunities.

By tracking and analyzing these key indicators, organizations can enhance their risk management capabilities, anticipate potential threats, and take proactive measures to mitigate risks and capitalize on opportunities.
Leading key indicators and lagging key indicators are two types of performance metrics used in various aspects of business and risk management. They serve different purposes and provide insights into different aspects of performance and risk. Here’s a breakdown of each:

Leading Key Indicators:

1. **Proactive in Nature:** Leading indicators are forward-looking metrics that provide insight into future performance trends. They help organizations anticipate and prepare for potential changes or challenges.
2. **Predictive:** Leading indicators are often predictive of future outcomes. By identifying early warning signs or trends, they enable proactive action to mitigate risks or capitalize on opportunities.
3. **Examples:** In risk management, leading indicators may include metrics such as employee training hours, safety inspections, customer satisfaction surveys, and quality control checks. For financial performance, leading indicators could include sales pipeline activity, new product development milestones, or employee turnover rates.
4. **Focus on Prevention:** Leading indicators are typically associated with prevention strategies. By monitoring and improving leading indicators, organizations aim to prevent negative outcomes and drive desired results.

Lagging Key Indicators:

1. **Reflect Historical Performance:** Lagging indicators are retrospective metrics that measure past performance. They provide a snapshot of what has already occurred and are often used to assess the effectiveness of past actions.
2. **Reactive:** Lagging indicators are reactive in nature, as they reflect outcomes that have already occurred. While they can provide valuable insights, they may not offer much opportunity for proactive intervention.
3. **Examples:** Lagging indicators in risk management could include metrics such as accident rates, customer complaints, financial losses, and audit findings. In financial performance, lagging indicators may include revenue, profit margins, return on investment, and market share.
4. **Focus on Evaluation:** Lagging indicators are primarily used for evaluation and performance assessment. They help organizations understand the outcomes of their actions and make adjustments for future planning.

Comparison between leading and lagging indicators:

**Usefulness:** Leading indicators are more useful for proactive risk management and performance improvement, while lagging indicators are more suitable for evaluating past performance and making adjustments.

**Actionability:** Leading indicators provide opportunities for proactive action, allowing organizations to intervene before problems escalate. Lagging indicators, on the other hand, offer insights into outcomes that have already occurred and may require reactive responses.

**Time Horizon:** Leading indicators focus on the future, while lagging indicators focus on the past. As such, leading indicators are more forward-looking, while lagging indicators are historical.

In summary, both leading and lagging indicators play important roles in performance measurement and risk management, but they serve different purposes and provide insights at different points in time. Organizations often use a combination of both types of indicators to gain a comprehensive understanding of performance and risk.

Source: ChatGPT