Policy, Program and Procedures

 View Only
  • 1.  KPIs

    Posted 01-31-2020 12:42 PM
    ​I'm interested if other folks are using key performance indicators to measure the success of their programs. If so, what KPIs are you using?


  • 2.  RE: KPIs

    This message was posted by a user wishing to remain anonymous
    Posted 02-03-2020 08:48 PM
    This message was posted by a user wishing to remain anonymous

    Hello all.

    We have tracked the following 

    Operational Metrics
    * In Progress
    * Assessed 
    * Number of Low, low to med., medium, med to high, high 
    * overall risk level 
    * risk level by department 
    *number of tier 1 assessed and not assessed 
    * number of tier 2
    * number of tier 3
    * Top 25 vendors
    * Number of vendors in action plan remediation 
    * Trending Risk - Inherent vs. Residual 
    * In 2020 we are attempting to learn FAIR and move away from High, Med., Low and assisng a dollar loss and frequency/probablity stats to risk scenarios

    * Also in 2020 we have been asked to think about a Leadership dashboard for key metrics so I am trying to come up with something for this such as 


    1. Normative/generic risk statements
      1. Details --- each risk statement
      2. Category – risk statement category for easier reporting/dashboard summary
    2. Residual risks
      1. Category
      2. Top 10, summary by risk category, etc.
      3. Type and exposure (and magnitude – think FAIR)
      4. Response Plan
      5. Details
    3. How long have the risks been open – days, months, etc.
      1. Category with # of days
    4. Who owns the risk?
      1. Dept
      2. Name
      3. Use this for quarterly meetings with department
    5. When is the next risk follow up – quarterly --- tie to response plan 
      1. Vendor
      2. Dept
      3. QTR