What formal mechanism is used to measure the performance of a program against its desired goals?

The formal mechanism that is used to measure the performance of a program against its desired goals is Key Performance Indicators (KPIs). KPIs are quantifiable metrics that organizations utilize to evaluate success in reaching objectives related to key business activities. They provide a clear framework for measuring performance over time, allowing for comparisons against targets or benchmarks.

By establishing specific KPIs, an organization can ensure that it is making progress toward meeting its goals and can adjust strategies as necessary to enhance performance. For example, a cybersecurity program might have KPIs related to the number of detected security incidents, time to respond to incidents, or user compliance with security training.

While risk registers track potential risks and their impacts, and processes define the methodologies for carrying out operations, neither directly measures performance against goals. Key Risk Indicators, while also important, focus specifically on risks rather than broad performance metrics. Thus, KPIs are essential in determining whether an organization is on track to achieve its desired outcomes, making them the correct choice in this context.