Loading...

Subscribe to newsletters

Legal & Privacy

Request a Proposal

© 2024-2025 Baker Tilly US, LLP / Baker Tilly Advisory Group, LP

Baker Tilly US, LLP and Baker Tilly Advisory Group, LP and its subsidiary entities provide professional services through an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable laws, regulations and professional standards. Baker Tilly US, LLP is a licensed independent CPA firm that provides attest services to clients. Virchow, Krause & Company, LLP, a licensed CPA firm, is an affiliated entity of Baker Tilly US, LLP and provides attest services to clients located in Kansas, USA. Baker Tilly Advisory Group, LP and its subsidiary entities provide tax and business advisory services to their clients. Baker Tilly Advisory Group, LP and its subsidiary entities are not licensed CPA firms.

Baker Tilly Advisory Group, LP and Baker Tilly US, LLP are independent members of Baker Tilly International. Baker Tilly International Limited is an English company. Baker Tilly International provides no professional services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. Baker Tilly Advisory Group, LP and Baker Tilly US, LLP are not Baker Tilly International’s agent and do not have the authority to bind Baker Tilly International or act on Baker Tilly International’s behalf. None of Baker Tilly International, Baker Tilly Advisory Group, LP, Baker Tilly US, LLP, nor any of the other member firms of Baker Tilly International has any liability for each other’s acts or omissions. The name Baker Tilly and its associated logo is used under license from Baker Tilly International Limited.

The importance of risk metrics, KRIs and KPIs to your ERM framework | Baker Tilly

erm metrics

Webinar

The importance of risk metrics, KRIs and KPIs to your ERM framework

April 25, 2025 · Authored by Corey Parker, Audrey Lindquist, Matt Cordle

Subscribe to newsletters

Share

Related sections

Construction
Dealer Services
Energy
Financial Institutions
Manufacturing
Private Equity & Portfolio Companies
Real Estate
Retail
Government Services
Risk Advisory
Transactions
Aerospace & Defense

Tags

Enterprise Risk Management

The fourth (and final!) installment in Baker Tilly’s enterprise risk management (ERM) webinar series—The importance of risk metrics, KRIs and KPIs to your ERM framework — explores just that — why developing, monitoring and utilizing risk metrics, key risk indicators (KRIs) and key performance indicators (KPIs) is critical to the success of your overall ERM framework.

We invite you to review the first, second and third installments of this series to deepen your understanding of fundamental ERM concepts:

ERM essentials: Building a strong foundation
Enhancing ERM: Moving beyond the traditional risk assessment
Foundational concepts for long-term success with ERM governance

Whether you’re a seasoned risk professional or are only now beginning your journey, this exclusive ERM webinar series from Baker Tilly delivers valuable takeaways. 

ERM is a critical component for organizations aiming to better navigate uncertainties and achieve their strategic objectives. In today’s risk landscape, where enterprise-wide risks are evolving faster and extending further than ever before, the most effective ERM frameworks properly leverage risk metrics, KRIs and KPIs to proactively monitor and manage risks and potential opportunities.

That’s the end goal. But where do you begin?

Introduction to ERM metrics

Corey Parker

Corey Parker

Principal

Related sections

Construction
Dealer Services
Energy
Financial Institutions
Manufacturing
Private Equity & Portfolio Companies
Real Estate
Retail
Government Services
Risk Advisory
Transactions

Article Tags

Enterprise Risk Management

Banking & Capital Markets

Transportation, Logistics & Distribution

Food & Beverage

Affordable Housing

Real Estate Investors

Bank Compliance

CFO Advisory Services

Commercial Due Diligence

Enterprise Risk Management

Forensic Accounting

Government Funding & Compliance Advisory

Mergers & Acquisitions

Strategy & Management Consulting

Transaction Advisory Services

are essential tools that provide insights into changes in risk exposure and the potential associated impact on performance. They help organizations track risk levels, identify emerging threats and opportunities, and make informed decisions. Metrics can be categorized into KRIs and KPIs, each serving distinct purposes in risk management.

KRIs (key risk indicators) are metrics that are tied to a risk exposure and signal potential risk events before they occur. They are forward-looking and help organizations anticipate and mitigate risks proactively.
KPIs (key performance indicators) on the other hand, measure the result of actions already taken and are typically backward-looking.

Together, tracking KRIs and KPIs for an organization’s risks can provide a more comprehensive view of risk and performance — past, present and future.

Developing metrics for top risks

The development of effective risk metrics involves several phases: developing KRIs, defining tolerances and aggregating data.

Developing KRIs

This phase focuses on identifying scenarios and drivers that could lead to potential risk events. It involves selecting the top scenarios and their associated drivers for a risk, researching potential data sources and collecting any available historical data to develop a trend analysis.

Defining tolerances

Establishing tolerance thresholds for risk metrics is crucial for evaluating changes in risk exposure levels. This phase includes confirming tolerances with risk owners, setting quantitative thresholds for risks and defining escalation protocols in the event a threshold is breached.

Aggregating data

The aggregation of KRI data for each top risk enables ongoing monitoring and helps to establish an objective approach to escalating risk discussions. This phase involves assigning weights to KRIs, then aggregating KRI scores up to overall scenario scores, risk category scores and business unit scores (as desired).

Leading practices for utilizing KRIs

It’s not enough to simply develop a set of KRIs for a risk and hope they work as intended. Effective KRIs must be properly aligned to the root causes of the risk, then monitored, operationalized and reviewed periodically to ensure continued alignment with the overall level of tolerance for the risk.

Aligning KRIs with strategic objectives

KRIs should be aligned with the organization's strategic goals and performance objectives. This ensures that risk management efforts are focused on areas that matter most to the organization.

Monitoring through the SMART principle

As simple as it may sound, effective KRIs should adhere to the SMART principle — Specific, Measurable, Actionable, Reliable and Timely. This ensures that KRIs are clear and quantifiable, and that they provide actionable insights, enable consistent monitoring and offer early indicators of potential risk exposure.

Operationalizing KRIs

Moving your KRIs from concepts to concrete metrics involves actively integrating them into the organization's risk monitoring processes. This is, in large part, the actual work of what we discussed above — developing KRIs, defining tolerances, aggregating data and incorporating dashboards for reporting.

Challenges and mitigating activities

Even with the best laid plans, implementing effective risk metrics can be challenging. As you seek to incorporate (or refine) the above within your organization, it’s often helpful to know what speed bumps and roadblocks might be up ahead. The most common challenges we’ve seen often include:

Data collection: Collecting accurate and relevant data for KRIs can be difficult, especially if data sources are fragmented or unreliable.
Threshold setting: Defining appropriate tolerance thresholds requires a deep understanding of risk dynamics and organizational priorities.
Stakeholder engagement: Ensuring that internal stakeholders understand and use risk metrics effectively requires ongoing communication and training.

But you’re not without hope! To mitigate these challenges, organizations can:

Leverage existing data: No need to reinvent the wheel from the ground up. Use existing data sources as a starting point for developing KRIs and KPIs.
Pilot metrics development: Start with a pilot project to develop metrics for one risk, working with friendly risk owners to refine the process.
Align metrics with performance objectives: Ensure that metrics are aligned with the organization's top performance objectives to maintain relevance and focus.

The bottom line

Risk metrics, KRIs and KPIs are indispensable tools for effective ERM. They provide objective and actionable data that help organizations monitor risk exposure, track performance and make informed decisions. By developing robust metrics, defining tolerance thresholds and utilizing dashboards for reporting, organizations can enhance their ERM program and navigate uncertainties with confidence.

Connect with us

Dive deeper into risk metrics, explore real-world reporting dashboards - and more.

Watch our on-demand webinar

Related insights

erm strategy - Silhouette of people in city connected digitally

ERM essentials: Building a strong foundation

Watch this on-demand webinar as Baker Tilly specialists delve into the essentials of enterprise risk management (ERM).

Real estate building with view of windows outside

Enhancing ERM: Moving beyond the traditional risk assessment

Join Baker Tilly for the second on-demand webinar in our enterprise risk management (ERM) series where we explore how to enhance risk assessment at your organization.

Team high fiving

Improving risk assessments by leveraging collaboration methods and tools

Implementing the right collaboration methods and tools can improve your organization’s risk assessment process and the quality of the risk data it produces.

long-term success with erm governance

Foundational concepts for long-term success with ERM governance

The third in Baker Tilly’s four-part ERM webinar series, Enterprise risk management: Building an effective ERM governance structure delivers valuable insight on risk management.

Aerospace & Defense

Banking & Capital Markets

Transportation, Logistics & Distribution

Food & Beverage

Affordable Housing

Real Estate Investors

Bank Compliance

CFO Advisory Services

Commercial Due Diligence

Enterprise Risk Management

Forensic Accounting

Government Funding & Compliance Advisory

Mergers & Acquisitions

Strategy & Management Consulting

Transaction Advisory Services