The greatest concern when establishing key risk indicators (KRIs) is using ineffective methods to assess risk. KRIs are metrics that measure the likelihood and impact of risks, and help monitor and prioritize the most critical risks. To establish effective KRIs, the risk assessment methods should be reliable, valid, consistent, and timely. Ineffective methods to assess risk could lead to inaccurate or misleading KRIs, which could result in poor risk management decisions and outcomes. The other options are not as significant as using ineffective methods to assess risk, although they may also affect the quality and usefulness of KRIs. References = Risk and Information Systems Control Study Manual, Chapter 4, Section 4.4.1, page 4-36.