The set of Key Risk Indicators (KRIs) provides an overview of the financial risk to which the company is subject. Figure 4.2 shows an example of the residual risk exposure in PEAT ERM. The example presents the risk exposure of the Finance Department due to the Risk Element of Cost Overrun. Here, the Gross Value of Risk is $1,000,000 and its Residual Value is $500,000. The Corporate Risk, composed of all the risk factors of the company, is $1,480,000.
In this example, KRI Overrun is measured as (L = 4) × (I or V = 4) = (KRI = 16) and can be shown in the Risk Matrix. In this case, it is classified as a Moderate Risk, and a reduction factor of 50% will reduce the risk exposure to $750,000 or a KRI of 12.
The model of dynamic measurement of exposure to corporate risk is represented graphically in Figure 4.3.
In this case, the company can assess its risk exposure dynamically by implementing the mitigation of Risk Factors, which may be guided by international standards and controls (e.g., SOX, COBIT). Thus, the Vulnerability used by Eletrobrás is associated with compliance with the controls. Figure 4.4 represents this dynamically.
Figure 4.2: Financial Impact KRI
Figure 4.3: Model of Dynamic Measurement of Risk Exposure
Figure 4.4: Dynamic Mitigation of Risk Factors
By means of an audit, be it external or internal, the company can show the evolution of the measures taken to mitigate the risk and reduce its financial exposure.