Getting Practical on Risk Appetite and Risk Tolerance

December 2011 Bonus Resource

Over the past year, I’ve helped many management teams and boards get clarity about the concepts of risk appetite and risk tolerance. They came to me because, although there is a lot of chatter on the topics of risk appetite and tolerance, much of the literature is so jargon-filled that it’s a struggle to find the practical application of the concept.

Over the summer Melanie Herman, Executive Director of the Nonprofit Risk Management Center, invited me to co-author a white paper* with her on the topic of risk appetite. I jumped on the opportunity to distill my practical experience into a simple process that any organization can use to articulate its risk appetite and effectively integrate it into its decision-making. Here are the 5 steps of the process:

  1. Define parameters (principles) for risk-taking
  2. Calibrate the organization’s appetite for each major category of risk
  3. Verify that the organization’s risk-taking culture is aligned with the risk appetite statement
  4. Apply the risk appetite statement when evaluating risks
  5. Review risk appetite statements on a periodic basis

There is only room to provide details on part of the approach in this article, so I’ve chosen to share the first step in the risk appetite articulation process because it is essential for correctly framing the risk appetite discussion by the executive team and the Board.

Defining the parameters or principles for risk-taking involves reflecting on the organization’s mission and its corporate strategies aimed at achieving that mission. For example, a nonprofit whose mission is to help low-income residents of a rural community may decide its core strategy is to work through existing social services agencies rather than serve clients directly. An innovative partnership with a new agency would be mission- and strategy-consistent. An innovative program to deliver services directly (eliminating the “middle-man”) would not.

Here are a few questions that you can use to define your organization’s parameters for risk-taking:

  • What must exist for risk-taking to be palatable? For example:
      • promise of/potential for mission-advancement
      • consistent with tax-exempt purpose (for nonprofits)
      • commitment and clear strategies to learn from success or failure
      • calculation of the cost of failure and consideration of organizational responses if the risk doesn’t pay off
  • What level of unrestricted net assets is available for risk-taking? By risk-taking we mean doing something for which the outcome is highly uncertain but potentially mission-advancing.
  • What risks would the organization never take? For example, the board of a professional society may decide that any risk-taking that could negatively impact the stature of members is unacceptable.
  • What is the Board’s comfort with respect to the organization’s reputation? You’ll want to begin by determining if the organization’s current reputation is fragile, solid, improving, declining, etc. Then see if you can uncover what principles management and the board are currently or would like to apply for decisions that impact reputation. For example, an organization that is viewed by stakeholders as old-fashioned or out of touch may take bold risks to change that reputation, while an organization with a reputation for trustworthiness would never take a risk that might cause stakeholders to question its integrity.

Employees and managers need to understand the organization’s parameters for risk-taking to ensure that their decisions lead to the most efficient and effective use of resources and balance potential upside and downside effects. In the absence of a clear statement of risk appetite, it is left to each manager and employee to infer what he or she believes is the organization’s risk appetite. Invariably this leads to inconsistent risk-taking and situations where risk is either under- or over-managed. Either case can result in sub-optimal organizational performance and resilience.

* The complete white paper (including a more detailed explanation of how to articulate and apply a risk appetite and risk tolerance framework) is available in the second edition of Ready… or Not: A Risk Management Guide for Nonprofit Executives.



Diana's Pick

The Neuroscience of Enterprise Risk Management (written by Diana Del Bel Belluz of Risk Wise) explores findings from the field of neuroscience and shares practical tips on how to apply them to enhance individuals' risk management thinking and implement brain-friendly ERM practices in organizations.

The article was published by The Conference Board of Canada in the Autumn 2017 issue of the journal Risk Watch.