Strictly, risk appetite means the amount and types of risk that an organisation is willing to accept in pursuit of value, improved financial performance or of other benefits, with management responsible for setting boundaries or parameters for risk taking.
- Risk tolerance represents the amount of risk that the firm can actually bear.
- Risk appetite is the amount of risk that is actually desired. This might be seen in relation to the return sought by investors. Reward is normally only gained by taking risks, so limiting risk will limit reward.
Risk appetite will normally be less than - or sometimes equal to - the maximum risk tolerance.
Any risk responses should be designed such that the 'net' (residual) risk after considering controls does not exceed these boundaries.
'Conservative' strategies are those in which only the lowest levels of risk are acceptable.
More 'aggressive' approaches to risk mean that higher levels of risk may be acceptable, if they are appropriately rewarded.
The risk appetite will be determined within the maximum risk capacity, in order to achieve the strategic objectives and business plan.
The term 'risk appetite' is also sometimes used more loosely, interchangeably with risk attitude, risk capacity or risk tolerance.
- Enterprise risk management
- Guide to risk management
- Rewarded risk
- Risk averse
- Risk capacity
- Risk management
- Risk policy
- Risk register
- Risk tolerance
Risk appetite and risk tolerance: Practical guidance, www.theirm.org