This message was posted by a user wishing to remain anonymous
Hello all.
We have tracked the following
Operational Metrics
* In Progress
* Assessed
* Number of Low, low to med., medium, med to high, high
* overall risk level
* risk level by department
*number of tier 1 assessed and not assessed
* number of tier 2
* number of tier 3
* Top 25 vendors
* Number of vendors in action plan remediation
* Trending Risk - Inherent vs. Residual
* In 2020 we are attempting to learn FAIR and move away from High, Med., Low and assisng a dollar loss and frequency/probablity stats to risk scenarios
* Also in 2020 we have been asked to think about a Leadership dashboard for key metrics so I am trying to come up with something for this such as
- Normative/generic risk statements
- Details --- each risk statement
- Category – risk statement category for easier reporting/dashboard summary
- Residual risks
- Category
- Top 10, summary by risk category, etc.
- Type and exposure (and magnitude – think FAIR)
- Response Plan
- Details
- How long have the risks been open – days, months, etc.
- Category with # of days
- Who owns the risk?
- Dept
- Name
- Use this for quarterly meetings with department
- When is the next risk follow up – quarterly --- tie to response plan
- Vendor
- Dept
- QTR
Original Message:
Sent: 01-31-2020 12:42 PM
From: Josh Bowman
Subject: KPIs
I'm interested if other folks are using key performance indicators to measure the success of their programs. If so, what KPIs are you using?