Effectively communicate risk appetite to stakeholders
- Gartner client? Log in for personalized search results.
Risk Appetite Framework
Build a compelling narrative to communicate the value of risk appetite as a decision-making tool.
Despite the benefits of risk appetite statements as decision-support tools, 42% of organizations still do not have an established risk appetite statement. Risk appetite helps organizations to determine whether they are taking appropriate risks while pursuing strategic objectives; however, many organizations have failed to make it actionable and meaningful for decision making.
Download the ready to use risk appetite framework to:
- Quickly and easily draft risk appetite statements
- Help stakeholders articulate risk appetite and tolerance
- Identify opportunities to mature the organization’s current risk appetite
About the Risk Appetite Framework
Failing to generate a commonly understood articulation of risk appetite leads to employees, risk owners, risk managers, executives and board members without a common understanding of the organization’s risk-taking posture. Poor application of risk appetite to organizational units (e.g., in the form of risk tolerance or specific guidance) leads to stakeholders being unable to apply the organization’s risk appetite in the course of their regular decision making. A properly articulated and cascaded risk appetite creates guardrails for decision makers to operate within, enabling informed risk taking.
Heads of ERM can use this framework, which includes fields for risk appetite ratings, statements, indicators and risk tolerance, to communicate risk appetite in the context of organizational decision making and strategy.
Risk Appetite Framework FAQs
What is Risk Appetite?
Risk appetite is a statement that broadly considers the risk levels that management deems acceptable.
How can heads of ERM use this risk appetite framework?
Heads of ERM can refine and apply this framework to help senior leaders and the board to understand the purpose of the risk appetite statement, when and how to apply the risk appetite should be applied, as well as reporting, escalation and exception processes.
How do I set risk tolerance within my organization?
Establishing risk tolerance thresholds helps organizations monitor their adherence to risk appetite by quantifying the levels of acceptable risk.
- If enterprise risk management (ERM) already has key risk indicators (KRIs) in place, the best approach to setting risk tolerance is using a combination of KRIs to aggregate overall risk tolerance for risk appetite.
- For ERM programs that do not use KRIs, collaborate with risk owners to determine a specific tolerance level for the risk in the form of a single metric.