I’ll start with the COSO definition of risk appetite:
The types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value.
Focus on the word, “amount”.
Most people quantify this in monetary terms.
I don’t and let me explain why using real-life examples.
When I was with Coopers & Lybrand in the UK, a partner (Chris Lowe) returned from the States with an amazing story.
X
THE HEAD OF SALES
For some unexplained reason, a client company in the US had engaged him (rather than a member of the US firm) to investigate whether their head of Sales was committing fraud. He found that their suspicion was correct. The guy had been siphoning off millions, and Chris reported that to the CFO and CEO.
Some months later, Chris was invited to join top management and the board for a dinner to celebrate a recent success.
He was stunned to see the head of Sales there, chatting happily with board members.
Chris asked the CFO what happened. Had the board not accepted his report? Had they been persuaded that he was wrong?
No. The CFO told him that they had accepted his report. But when they considered what action to take the CEO told them that without this head of Sales they would have no revenue! They relied so heavily on his relationships with their top customers that if he were fired they…
