Adopting and embedding risk appetite and tolerances is not only essential for financial services organizations to make informed, risk-based decisions, but also supports the long-term health and success of the institution.
As a core component of an effective enterprise risk management (ERM) framework, risk appetite is more than a metric, COSO points out in Risk Appetite – Critical to Success. It “can lead an organization to proactive, forward-looking opportunities that tie appetite and strategy together for future action.”¹
In its ERM guidance on Understanding and Communicating Risk Appetite, COSO differentiates between the terms “risk appetite” and “risk tolerance,” which are commonly confused. While a risk appetite statement broadly defines the types and amount of risk an organization is willing to accept in pursuit of value, risk tolerances apply risk appetite to specific objectives, setting the boundaries of acceptable performance variations. Risk tolerance should ideally be measured using the same metrics that define success in meeting the associated objective.
“Risk tolerances guide operating units as they implement risk appetite within their sphere of operation. Risk tolerances communicate a degree of flexibility, while risk appetite sets a limit beyond which additional risk should not be taken.”²
After risk policies are defined and understood by stakeholders, organizations must align their risk appetite and tolerance strategy for continuous business function. Successful organizations not only seek to maximize shareholder outcomes and short-term gains, but also consider long-term sustainability.
Learn more about ERM program fundamentals in our 2-part series >
“For many organizations, monitoring risk tolerances requires a culture that is aware of risk and risk appetite. Management, by revisiting and reinforcing risk appetite, is in a position to create a culture whose organizational goals are consistent with the board’s, and to hold those responsible for implementing risk management within the risk appetite parameters.”³
Determining which risks to take and avoid is critical for sustaining growth and remaining competitive. Developing a shared framework for defining, communicating, and monitoring risk appetite and tolerances — one stemming from a risk-aware culture that starts with senior management — helps your institution align risk management practices with performance goals and take corrective actions as needed.
1. Risk Appetite – Critical to Success: Using Risk Appetite to Thrive in a Changing World, © 2020 Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved. Used with permission.
2 & 3. Enterprise Risk Management: Understanding and Communicating Risk Appetite, © 2012 Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved. Used with permission.