Risk e-Views Vol 1 September 2010 – Risk Appetite

Meeting Your Challenge of Setting Risk Appetite
A well-defined risk appetite endorsed by Executive Management and the Board is the single most important element for establishing the risk culture you want for your organisation. Like many things in life, though, the best things don’t come easily. The two greatest challenges are:

  1. Dealing with disinterested Executive Management.
  2. Agreeing a risk tolerance that may be viewed by many as socially unacceptable or immoral.


Disinterested Management

A disinterested Executive has not made the link between risk appetite and the behaviour of staff. Whether they like it or not, staff are absorbing signals from management, making their own assumptions about the organisation’s appetite for risk, and making their judgements accordingly. In the absence of a well-articulated risk appetite, it is certain that some of the staff will have misinterpreted the risk appetite the Executive desires.

To win over the Executive you simply need to work backwards from the decision making of staff to the signals being sent by management.  Use examples to point out how the signals flowed through the organisation.


Socially Unacceptable Tolerances

For many organisations, principally those with only office workers, it is simple to articulate any loss of life as “catastrophic” for the organisation. However, even for these organisations, one death does not usually mean the extinction of the organisation. The real challenge comes for organisations, such as mining, oil and construction companies, that know they will experience events that are socially unacceptable to many, where lives may be lost and environmental calamities may occur. To avoid these at all costs would mean the organisation could not operate, yet society wishes for the organisation to exist to provide goods or services we desire.

To manage this when documenting risk appetite, you can distinguish between risk events that are due to negligence and risk events that have occurred despite the efforts expected of a “reasonable person”. As an example, you can document an acceptance of risk that there will be fatalities in your business due to the risks of international travel that a “reasonable person” would assume in their role. This might include flying with an airline that is accredited and maintained to international standards while avoiding airlines that are not.