CRISC Certified in Risk and Information Systems Control – Question172

Which of the following BEST measures the operational effectiveness of risk management capabilities?

A.
Capability maturity models (CMMs)
B. Metric thresholds
C. Key risk indicators (KRIs)
D. Key performance indicators (KPIs)

Correct Answer: D

Explanation:

Explanation:
Key performance indicators (KPIs) provide insights into the operational effectiveness of the concept or capability that they monitor. Key Performance Indicators is a set of measures that a company or industry uses to measure and/or compare performance in terms of meeting their strategic and operational goals. KPIs vary with company to company, depending on their priorities or performance criteria. A company must establish its strategic and operational goals and then choose their KPIs which can best reflect those goals. For example, if a software company’s goal is to have the fastest growth in its industry, its main performance indicator may be the measure of its annual revenue growth.
Incorrect Answers:
A: Capability maturity models (CMMs) assess the maturity of a concept or capability and do not provide insights into operational effectiveness.
B: Metric thresholds are decision or action points that are enacted when a KPI or KRI reports a specific value or set of values. It does not provide any insights into operational effectiveness.
C: Key risk indicators (KRIs) only provide insights into potential risks that may exist or be realized within a concept or capability that they monitor. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help in avoiding excessively large number of risk indicators to manage and report that a large enterprise may have.