Predictive Risk Analytics (PRA) vs. Key Risk Indicator (KRI)

PRAs focus on resilience whereas KRIs focus on robustness

Predictive Risk Analytics (PRA) intends to predict future event and gain foresight upon the potential business risks: What will happen? How to prevent the risks or what can be done to make business more resilient and well prepared for the possible disruptions. Key Risk Indicators (KRIs) involve metrics that move beyond upper- or lower thresholds or boundaries on plausible events within a business's value chain, that delve into deeper analysis of lead indicators of plausible events. More specifically, PRA and KRI have different focus, they are both valuable in managing corporate risk effectively: 

PRAs focus on resilience whereas KRIs focus on robustness. PRA has a critical output; resilience. Resilience is a measure of how well a business (a system, a process) will resist shock, extreme events, turbulence. Typically organizations have designed systems to prevent failure; however, business world is increasing in complexity and it is more and more difficult to design fail-proof systems; to wit, zero-day exploits. So it makes sense to focus on early detection and fast recovery, or "resilience," as you accept the inevitability of failure. With the critical output from PRA, businesses are resilient to known risks which are predicted, but still there is an element of uncertainty with respect to unknown risks. To mitigate such element, it needs to take continuous monitoring without manual interventions. Some might see PRA data and KRI data as synonyms and one in the same. However, if you consider that the PRA data is merely a data feed and that the KRI consists of the historical audit trail of leading indicators with upper and lower tolerances to enforce overall organizational robustness. 

Stress-Testing simulations assume that a differentiator between KRI and PRA is the extent, towards which a risk or impact model can be finalized and is well understood over through entire enterprise value chain. Use PRA and its current evolution (including continuous monitoring) to discover modeling fit to find potential weaknesses in a risk model and improve the model and its fit. Use KRIs to monitor events according to models that have been fit and are already understood and trusted on board level.

Corporate Culture & Governance: Many organizations lack of ability to understand complex risk models and also lack of "trust" in the fit of models on value chain level, due to "simplicity" of presentation and visualization in regular ERM operationalization. But the "Trust" factor will take new dimension to risk management, as many refer resilience as closer to “good entrepreneurship", which in a standard terminology, to cover a wider context, it can be referred as "Corporate Culture & Governance". This also brings in the "Trust" factor as an essential element to be resilient.

Leverage technology to embed risk management mechanism in business change.  Now the question is how to build the trust and acceptance for predictive modeling which proved to be effective at the higher end of the value chain, but not peculating down to realize the value addition expected out of these sophisticated, but simple operate models. Technology can enable this penetration to the deepest roots of the value chain. Let it be "Big Data" analytics or developed from traditional models of KRI and audit findings. 

Hence, the trust factor and resilience need to be built into the business culture to ensure good corporate governance, and it is the most sophisticated and swindling factors faced by the risk management. Building the models enabled with technology is a task which can be standardized and delivered. But, in real world, only those who could build the models and integrate the same in their corporate culture find it effective in delivering ultimate business value. 

Posted in: Big Data,Business Intelligence,Connecting Dots,GRC