There are two other blog posts on the risk assessment (RAM) and key indicator (KIM) matrices posted last year and the year before demonstrating differences and similarities. In this post, there is an attempt to build upon the previous posts and to enhance some of these differences and similarities. Let’s start with a narrative description followed by a chart/matrix comparison.
Risk Assessment (RAM) is generally depicted as a 3 x 3 matrix (pictured below) with risk on one axis and prevalence on the other axis; while Key Indicators (KIM) is generally depicted as a 2 x 2 matrix in which one axis measures individual rule compliance and the other axis measures overall regulatory compliance or compliance history. RAM deals with individual rules with a weight while KIM deals with aggregate rules and high and low regulatory compliance. RAM rules are heavily weighted while KIM rules are medium weighted. RAM is hardly ever out of compliance while KIM has a good deal of non compliance to distinguish the high compliant group from the low compliant group. RAM uses likert scale and means; KIM uses correlational analyses and prediction. RAM is expert opinion while KIM is data driven.
RAM/KIM Matrix: Risk Assessment and Key Indicators
| High Risk/High Prevalence | High Risk/Med Prevalence | High Risk/Low Prevalence |
| Med Risk/High Prevalence | Med Risk/Med Prevalence | Med Risk/Low Prevalence |
| Low Risk/High Prevalence | Low Risk/Med Prevalence | Low Risk/Low Prevalence |
In the above 3 x 3 Matrix: Risk x Prevalence are listed across the axis, in which RAM is preventing high risk, high prevalence but in reality RAM rules are very low prevalence, low non-compliance. KIM rules are usually med risk and prevalence.
The above matrix and narrative provides additional enhancements to the differences and similarities between risk assessment and key indicator rules. As one can see, there are some basic differences but at the same time there is a deep common structure that underlies both. These are important attributes to consider before using these statistical methodologies as part of a differential monitoring approach. But the bottom line when using either RAM or KIM, or RAM+KIM, all RAM and KIM rules must be in compliance at all times. Remember it is not about more or less rules in total, it is about compliance with the right rules.
Let’s take this to the next step and think about this more broadly and relate it to the larger research literature dealing with businesses. Risk assessment and key performance indicators (KPIs) are two important concepts in business management. Risk assessment is the process of identifying, evaluating, and managing risks to an organization’s objectives. KPIs are metrics that measure an organization’s performance against its objectives.
The two concepts are related in that risk assessment can help organizations identify and prioritize risks that could impact their KPIs. For example, if an organization’s KPI is to increase sales by 10%, then risk assessment can help the organization identify risks that could prevent it from achieving this goal, such as a competitor launching a new product or a change in customer behavior.
Once risks have been identified, organizations can develop mitigation strategies to reduce the likelihood or impact of those risks. KPIs can be used to track the effectiveness of these mitigation strategies. For example, if an organization is concerned about a competitor launching a new product, it could track its sales data to see if there has been a decrease in sales since the competitor launched its product.
By integrating risk assessment and KPIs, organizations can improve their ability to identify, manage, and mitigate risks to their objectives. This can help organizations achieve their goals and objectives more effectively.
Here are some examples of how risk assessment and KPIs can be used together:
- A bank might use risk assessment to identify the risks of fraud and theft. The bank could then use KPIs to track the number of fraudulent transactions and the amount of money lost to fraud. This information could be used to develop mitigation strategies, such as implementing new security measures or training employees on how to spot and prevent fraud.
- A manufacturing company might use risk assessment to identify the risks of product recalls and safety incidents. The company could then use KPIs to track the number of product recalls and the number of safety incidents. This information could be used to develop mitigation strategies, such as improving product quality or implementing new safety procedures.
- A retail company might use risk assessment to identify the risks of natural disasters and supply chain disruptions. The company could then use KPIs to track the number of natural disasters that occur in its region and the number of supply chain disruptions that occur. This information could be used to develop mitigation strategies, such as developing contingency plans or building up inventory.
By integrating risk assessment and KPIs, organizations can improve their ability to identify, manage, and mitigate risks to their objectives. This can help organizations achieve their goals and objectives more effectively.
RIKI - Research Institute for Key Indicators Data Laboratory 
Leave a comment