Getting Practical on Risk Appetite and Risk Tolerance

December 2011 Bonus Resource

Over the past year, I’ve helped many management teams and boards get clarity about the concepts of risk appetite and risk tolerance. They came to me because, although there is a lot of chatter on the topics of risk appetite and tolerance, much of the literature is so jargon-filled that it’s a struggle to find the practical application of the concept.

Over the summer Melanie Herman, Executive Director of the Nonprofit Risk Management Center, invited me to co-author a white paper* with her on the topic of risk appetite. I jumped on the opportunity to distill my practical experience into a simple process that any organization can use to articulate its risk appetite and effectively integrate it in their decision-making. Here are the 5 steps of the process:

  1. Define parameters (principles) for risk-taking
  2. Calibrate the organization’s appetite for each major category of risk
  3. Verify that the organization’s risk taking culture is aligned with the risk appetite statement
  4. Apply the risk appetite statement when evaluating risks
  5. Review risk appetite statements on a periodic basis

There is only room to provide details on part of the approach in this article, so I’ve chosen to share the first step in the risk appetite articulation process because it is essential for correctly framing the risk appetite discussion by the executive team and the Board.

Defining the parameters or principles for risk-taking involves reflecting on the organization’s mission and its corporate strategies aimed at achieving that mission. For example, a nonprofit whose mission is to help low-income residents of a rural community may decide its core strategy is to work through existing social services agencies rather than serve clients directly. An innovative partnership with a new agency would be mission and strategy-consistent. An innovative program to deliver services directly (eliminating the “middle-man”) would not.

Here are a few questions that you can use to define your organization’s parameters for risk-taking:

  • What must exist for risk-taking to be palatable?

For example:

  • promise of/potential for mission-advancement
  • consistent with tax-exempt purpose (for nonprofits)
  • commitment and clear strategies to learn from success or failure
  • calculation of the cost of failure and consideration of organizational responses if the risk doesn’t pay off
  • What level of unrestricted net assets is available for risk-taking? By risk-taking we mean doing something for which the outcome is highly uncertain but potentially mission-advancing.
  • What risks would the organization never take? For example, the board of a professional society may decide that any risk-taking that could negatively impact the stature of members is unacceptable.
  • What is the Board’s comfort with respect to the organization’s reputation? You’ll want to begin by determining if the organization’s current reputation is fragile, solid, improving, declining, etc. Then see if you can uncover what principles management and the board are currently or would like to apply for decisions that impact reputation. For example, an organization that is viewed by stakeholders as old-fashioned or out of touch may take bold risks to change that reputation, while an organization with a reputation for trustworthiness would never take a risk that might cause stakeholders to question its integrity.

Employees and managers need to understand the organization’s parameters for risk-taking to ensure that their decisions lead to the most efficient and effective use of resources and balance potential upside and downside effects. In the absence of a clear statement of risk appetite, it is left to each manager and employee to infer what he or she believes is the organization’s risk appetite. Invariably this leads to inconsistent risk taking and situations where risk is either under- or over-managed. Either case can result in sub-optimal organizational performance and resilience.

* The complete white paper (including a more detailed explanation of how-to articulate and apply a risk appetite and risk tolerance framework) is available in the second edition of Ready… or Not: A Risk Management Guide for Nonprofit Executives.

Follow the links to:

  • Read this month's Feature ArticleRisk Management Basics – Step 3: Integrate ERM into Business Practices
  • Download a printable version of the entire December 2011 Issue of the Risk Management Made Simple Advisory.
  • View the Article Index to access back issues of the Risk Management Made Simple Advisory.

Current Special Offers for Subscribers

Current Special Offers for Subscribers

The codes to access the following special offers have been emailed to all Risk Management Made Simple Advisory subscribers:

  • SPECIAL OFFER: $460 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Resilience 2017 to be held on April 24-26, 2017 in Edmonton, AB. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

  • SPECIAL OFFER: $150 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Canadian Privacy Summit 2017 to be held on May 2-3, 2017 in Toronto, ON. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

Not yet a subscriber, but want to access these special offers?

When you subscribe to the Advisory, we'll send you the code for all current special offers along with a link to your New Subscriber Bonus, a copy of Moving Beyond the Risk Map to Operational Vigilance.

FIND OUT FOR YOURSELF why risk management leaders subscribe, click to access the ARTICLE INDEX of all past issues of the Risk Management Made Simple Advisory.

"I save and study each issue of the Advisory. I appreciate how Diana gives very practical advice and links it to fundamental theories and best practices." 

Sherrie Hyde, Risk Manager, Lutherwood

FREE DOWNLOAD

Moving Beyond the Risk Map to Operational Vigilance

Read more about the Risk Management Made Simple Advisory.

"It is so refreshing to read a newsletter that offers real solutions for risk management challenges."
Cathy Taylor
Director, Risk
Kinross Gold Corporation

Jump Start your risk management program.

Receive personalized advice from Risk Wise

See Details

Diana's Pick

Neuroscience and the Nonprofit Manager (written by Andy  Segedin and published in the NonProfit Times) shares some of the tips on how to counteract common biases and habits that impede effective decisions.

The article is based on a workshop that Diana Del Bel Belluz of Risk Wise presented at the 2015 Risk Summit organized by the Nonprofit Risk Management Center.