Which of the following BEST measures the operational effectiveness of risk management
capabilities?
A.
Capability maturity models (CMMs)
B.
Metric thresholds
C.
Key risk indicators (KRIs)
D.
Key performance indicators (KPIs)
Explanation:
Key performance indicators (KPIs) provide insights into the operational effectiveness of the
concept or capability that they monitor. Key Performance Indicators is a set of measures that a
company or industry uses to measure and/or compare performance in terms of meeting their
strategic and operational goals. KPIs vary with company to company, depending on their priorities
or performance criteria.
A company must establish its strategic and operational goals and then choose their KPIs which
can best reflect those goals. For example, if a software company’s goal is to have the fastest
growth in its industry, its main performance indicator may be the measure of its annualrevenue
growth.
Answer C is incorrect. Key risk indicators (KRIs) only provide insights into potential risks that may
exist or be realized within a concept or capability that they monitor. Key Risk Indicators are the
prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high
probability of predicting or indicating important risk. KRIs help in avoiding excessively large
number of risk indicators to manage and report that a large enterprise may have.
Answer A is incorrect. Capability maturity models (CMMs) assess the maturity of a concept or
capability and do not provide insights into operational effectiveness.
Answer B is incorrect. Metric thresholds are decision or action points that are enacted when a KPI
or KRI reports a specific value or set of values. It odes not provide any insights into operational
effectiveness.