Home / Resources / News and Trends / Newsletters / AtIsaca / 2020 / Volume 23 / Identify KRIs to Keep Your Business Afloat During the Pandemic

Identify KRIs to Keep Your Business Afloat During the Pandemic

Risk
Author: ISACA
Date Published: 9 November 2020

New and sometimes unpredictable IT vulnerabilities have cropped up as a result of work-from-home policies implemented in the wake of the COVID-19 pandemic. One way organizations can combat these situations for effective governance is by identifying key risk indicators (KRIs), which serve as a warning when risk begins to develop. To best serve an enterprise’s IT governance, KRIs should be determined strategically and intentionally. “Too much data can be overwhelming, too little and you are not going to gain any real insight,” explains Greg Slayton, client partner at Galvanize, in an episode of the ISACA® podcast.

Common KRIs involve business disruption, reputational damage or breach of information. A business disruption could be defined as a loss of data or misappropriation of IT budget, while reputational damage could entail former employees accessing systems or an anonymous data leak. Breach of information might present itself as the sharing of login credentials or a malware attack.

To help organizations prioritize the most urgent KRIs, they can use labels such as “leading,” “lagging” or “current.” “KRIs deliver substantially more value when they are either leading or current. This is because of their predictive nature relative to the business objective or key performance indicator (KPI) that they support,” said Dan Zitting, chief product officer at Galvanize. “While current indicator KPIs measure performance, the best KRIs help us predict how to improve that performance.”

In the “Why You Need a Proactive Approach to Risk” episode of the ISACA Podcast, sponsored by Galvanize, Greg Slayton discusses ways that the pandemic has stretched technology’s limits and how organizations can use KRIs to restore proper risk management. He also explores how often KRIs should be updated and how information security teams can work with auditors on IT risk reporting.

To listen to this podcast, visit the Why You Need a Proactive Approach to Risk page of the ISACA website or stream it on Apple Podcasts, Google Play, Podbean, Spotify or Stitcher.