Most people understand the overarching concept of risk appetite.  They recognize that risk appetite should reflect the organization’s stakeholder willingness to take risks that management and the board use to make key decisions for the business. However, executives sometimes struggle to find ways to put their risk appetite into words so they can cascade that across the organization to business leaders who need it to make prudent business decisions. 

In an earlier video interview (see link here), Mark Beasley interviewed Frank Martens about COSO’s new thought paper, Risk Appetite – Critical to Success, which he co-authored with Larry Rittenberg for COSO.  In this second interview, Mark further explores with Frank a number of key issues business leaders should consider when they are thinking about risk appetite for their organization.

Frank begins by describing how articulating an organization’s risk appetite can be helpful to strategic decision-making.  He provides practical insights of factors business leaders may want to consider as they attempt to operationalize various appetites for risk taking that business leaders need to understand as they make different business decisions. He also highlights that while some organizations may have an overarching, high level description of risk appetite for their organization, it is important for the entity to recognize the importance of providing more detailed descriptions of different risk appetites for different kinds of risks facing the enterprise. For example, an entity may have little appetite for violating laws or regulations, but it may have a higher appetite related to failures related to new product innovations.

Frank describes how an organization’s leaders might start on their journey towards defining risk appetite.  He gives his views of a good place to start when thinking about risk appetite, beginning with the mission and vision of the organization and the overall strategic direction and goals of the enterprise.

He also describes practical ideas for how business leaders might communicate different risk appetite expectations across different types of enterprises.  He emphasizes that the language used to communicate risk appetite has to be developed in context with the culture of the organization.  For example, some organizations may communicate risk appetite with more quantitative terms while other organizations may describe things more qualitatively.

Many of these concepts are described more fully in COSO’s thought paper, which can be downloaded for free from the COSO website (www.coso.org). 

Read ERM articles as soon as we post them

Keep up-to-date with current developments in ERM. Subscribe to the ERM Newsletter.

Privacy Policy

ERM Enterprise Risk Management Initiative 2020-07-07