Is your risk appetite statement of value?

0
248

A few days ago, Lose Luiz Valentim commented on my post, Auditors need to understand risk management.  He pointed out that banks and other financial institutions are required by their regulators to have a risk appetite statement, and asked my views on assessing their effectiveness.

I replied with a quick suggestion, but this is a topic that merits more.

Much more (this is a long post) because this is a very important topic – for risk practitioners, executive management, board members, and auditors.

I will cover some background on risk appetite before talking about how to determine whether your statements add value in practice rather than checking the regulator’s box.

====================================================================

My most read post ever is on the topic of risk appetite. More than 89,000 have viewed Just what is risk appetite and how does it differ from risk tolerance? In it, I said (I will highlight throughout this post excerpts I find especially useful):

How can we have a productive conversation about risk management unless we use the same language? One of the terms that serves as much to confuse as clarify is “risk appetite’. What does it mean, and how does it differ from risk tolerance?

Let’s look first at the COSO ERM Framework. It defines risk appetite as “the amount of…

Подробнее…