I have written a lot over the years about risk appetite and the value of risk appetite statements, both here on this blog and also in my books, especially World-Class Risk Management (2015) and Risk Management in Plain English: A Guide for Executives, Enabling Success through Intelligent and Informed Risk-Taking (2018).
I am going to write more today, excerpting my writing from a few years ago before summarizing, as best I can, my current thinking.
This is from Risk Management in Plain English (with my highlights), a concise discussion of effective risk management for the time-burdened executive (discussed further in Risk Management for Success (2020)):
The concept of “risk appetite” has been popularized by consultants, regulators, and others. It is defined as:
“The types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value”.
This is not particularly useful.
It’s not about managing risk; it’s about managing the achievement of objectives.
While this is true, the regulators like and sometimes require that an organization define and disclose (to a degree) its risk appetite.
There are times when a risk appetite and reports of whether it is being exceeded are useful.…
…when making a decision that exposes you to a loss (such as when you are considering…
