RISK APPETITE.
An organization must consider its risk appetite at the same time
it decides which goals or operational tactics to pursue. To determine risk
appetite, management, with board review and concurrence, should take three
steps:
1. Develop risk appetite
2. Communicate risk appetite
3. Monitor and update risk appetite
Develop Risk Appetite
Developing risk appetite does not mean the organization shun risk
as part of its strategic initiatives. Quite the opposite. Just as organizations
set different objectives, they will develop different risk appetites. There is
no standard or universal risk appetite statement that applies to all
organizations, nor is there a “right” risk appetite. Rather, management and the
board must make choices in setting risk appetite, understanding the trade-offs
involved in having higher or lower risk appetites
Communicate Risk Appetite
Several common approaches are used to communicate risk appetite.
The first is to create an overall risk appetite statement that is broad enough
yet descriptive enough for organizational units to manage their risks consistently
within it. The second is to communicate risk appetite for each major class of
organizational objectives. The third is to communicate risk appetite for
different categories of risk.
As an organization decides on its objectives and its
approach to achieving strategic goals, it should consider the risks involved,
and its appetite for such risks, as a basis for making those important
decisions. Those in governance roles should explicitly understand risk appetite.
Posted by Mkomweke Zubeda S.
No comments:
Post a Comment