Example of a High-Level Approach for Boards to Determine Risk Appetite

April 2011 Bonus Resource

Employees and managers need to understand the organization’s risk criteria (i.e., risk appetite and tolerance) to ensure that their decisions lead to the most efficient and effective use of corporate resources and balance potential upside and downside effects.In the absence of a clear statement of risk appetite, it is left to each manager and employee to infer what he or she believes is the organization’s risk appetite. Invariably this leads to situations where risk is either under- or over-managed. Either case can result in sub-optimal organizational performance and resilience, e.g.:

  • Under-managing risks through overly aggressive risk-taking exposes the organization to unnecessary or poorly mitigated losses. In a highly aggressive risk-taking culture, risks may be taken for short-term gains, without considering the impact on the organization in the long term.
  • Over-managing risks through overly cautious risk-taking wastes management resources and diminishes the organization’s ability to exploit opportunities. In a highly risk averse culture, an organization avoids loss at almost any cost, including foregoing opportunities to advance its mission.

In most organizations, the articulation of risk appetite is accomplished jointly by the executive team and the board, with the board having ultimate responsibility to approve the risk appetite statement. In the December 2010 issue of the Risk Watch journal*, Douglas W. Brooks, President and CEO of AEGON Canada shares a pragmatic approach to help boards to determine risk appetite:

A facilitated session is an ideal approach, based on information from management on:

  •  current risk profile; 
  • industry comparators;
  • investor expectations; and
  • rating agency or regulatory requirements.

The session should incorporate the following three actions:

1.   Determine the principles.

  •  Which risks does the company want and not want to take?
  • For financial risks, what sensitivities will be used to monitor risk profile?
  • How many of these risks is the company willing to take?

2.   Discover the implications of these principles, based on management information and models:

  •  Which sensitivities result from applying the results? 
  •  Which actions would have to be taken to bring the company within these parameters?

3.   Do the “tummy test.”

  • What is the level of comfort of the board with the resulting volatility in earnings or other measures?
  • How do these results compare with investor expectations?
  • Are the board and management comfortable in defending these results to stakeholders?”

This approach can easily be adapted for organizations in the government and not-for-profit sectors.

* The December issue of the Risk Watch journal (including the full article by Doug Brooks and four additional articles by thought leaders in risk and governance) is available for purchase from The Conference Board of Canada.

Follow the links to:

  • Read this month's Feature Article - Basics of Risk Managment - Step 1: Define the Context and Criteria for Enterprise Risk Management
  • Download a printable version of the entire April 2011 issue of the Risk Management Made Simple Advisory.
  • View the Article Index to access back issues of the Risk Management Made Simple Advisory.

Current Special Offers for Subscribers

Current Special Offers for Subscribers

The codes to access the following special offers have been emailed to all Risk Management Made Simple Advisory subscribers:

Not yet a subscriber, but want to access these special offers?

When you subscribe to the Advisory, we'll send you the code for all current special offers along with a link to your New Subscriber Bonus, a copy of Moving Beyond the Risk Map to Operational Vigilance.

FIND OUT FOR YOURSELF why risk management leaders subscribe, click to access the ARTICLE INDEX of all past issues of the Risk Management Made Simple Advisory.

"I save and study each issue of the Advisory. I appreciate how Diana gives very practical advice and links it to fundamental theories and best practices." 

Sherrie Hyde, Risk Manager, Lutherwood


Moving Beyond the Risk Map to Operational Vigilance

Read more about the Risk Management Made Simple Advisory.

"It is so refreshing to read a newsletter that offers real solutions for risk management challenges."
Cathy Taylor
Director, Risk
Kinross Gold Corporation

Jump Start your risk management program.

Receive personalized advice from Risk Wise

See Details

Diana's Pick

The Neuroscience of Enterprise Risk Management (written by Diana Del Bel Belluz of Risk Wise) expores findings from the field of neuroscience and shares practical tips on how to apply them to enhance individuals' risk management thinking and implement brain-friendly ERM practices in organizations.

The article was published by The Conference Board of Canada in the Autumn 2017 issue of the journal Risk Watch.