KPIs in ‘Risk management’
Percentage of staff trained in critical risk management techniques (e.g., standard risk analysis techniques, crisis management, project management, skills of people to detect when something ...
Cycle time from the discovery of a control deficiency (e.g., vulnerability event) to a risk acceptance decision.
% of critical business services not covered by risk analysis.
Percentage of risk issues exceeding defined risk tolerance for which action plans have been established (alternatively, percentage of mitigation plans that have not been developed)