Enterprise Risk Management is a such a broad and complex topic that confusion surrounds many of its most vital concepts.
“Risk appetite” is one of those ideas. Risk appetite is a part of a crucial activity in any organization: the management of risk exposure. Financial risk is the type that most readily comes to mind, but there are others: reputational, health and safety, technological innovation and environmental risks, to name a few.
Businesses are well aware of the balancing act between the risk-taking necessary to grow the bottom line and averting risk to protect investments. If an organization does not have a defined statement of risk appetite, it is falling short of a complete model to guide decision making, from the corporate to managerial levels. As well, a comprehensive risk appetite statement brings greater clarity to strategic vision, mission and objectives.
Most importantly, a risk appetite statement is linked to risk tolerance: the defined limitations of risk deviation from target levels. How does one derive acceptable risk tolerance? It is achieved through a strategic process that takes into account the mission and values of an organization, as well as its philosophy, culture and ethics.
A risk appetite statement will guide the management of risk exposure as it pertains to different business objectives. For instance, many service organizations are willing to allow for larger risk with their employee relationships while exercising a conservative level of risk with customer satisfaction. In some cases, an organization may decide that their overall philosophy necessitates less risk with environmental concerns and seek to lessen their environmental footprint. Subsequent steps taken may result in a level of uncertainty in the area of shareholder return. In each case, the strategic ambitions of an organization are taken into account.
The Risk Appetite Scale chart from Rob Quail’s article “Defining Your Taste for Risk”, ranks risk-taking philosophy on a scale from “open” to “averse” and is a good tool for defining how risk associated with each business objective in your organization should be approached.
This material has been drawn in part from the first stand-alone module (Foundations Certificate) of SEEC’s upcoming program Masters Certificate in Risk Management and Business Performance (Nov. 5-9, 2018). The program allows participants to identify the uncertainties and challenges that could inhibit their business’s success – or sink it completely – then determine how to allocate resources to make sure those challenges are addressed, and the business achieves its strategic targets.