What defines the threshold for a key risk indicator (KRI)?

Prepare for the CISSP Domain 4 exam. Study with multiple-choice questions on risk and control monitoring and reporting. Get ready for your CISSP certification!

A key risk indicator (KRI) is a metric used to assess the level of risk within an organization. The threshold for a KRI is fundamentally defined by the organization's risk tolerance. Risk tolerance reflects the amount of risk that an organization is willing to accept in pursuit of its objectives. Setting a threshold based on risk tolerance helps determine what level of risk is acceptable and when risk mitigation actions need to be taken.

In practice, if an indicator exceeds the defined threshold, it signals that risk levels may be reaching an unacceptable state, prompting further analysis or action to manage the risk. This reliance on risk tolerance allows organizations to tailor their KRIs to align with their strategic goals and risk management strategies, ensuring they remain within acceptable boundaries while pursuing their objectives.

Additionally, while organizational policies, compliance requirements, and industry standards can influence the establishment and monitoring of KRIs, they do not inherently define the threshold for them. Each organization may have unique risk tolerances based on its specific circumstances, and these tolerances directly inform how thresholds for KRIs are set.
