Every day, each of us intuitively operates within the framework of our own personal appetite for various things (e.g. food) without a hitch. Perhaps that is what makes the enterprise risk management (ERM) concept of “risk appetite” appear so simple on its surface. However, as the ERM community has discovered over time, articulating and utilizing risk appetite is actually a uniquely challenging component of the enterprise risk management process. In this article published in the Spring 2012 issue of Corporate Risk Canada, author Rob Quail acknowledges the confusion that risk appetite has caused amongst ERM practitioners.
Quail points out that much of the professional guidance surrounding risk appetite cryptically advises organizations to develop a singular, broad statement of the desire, or “appetite,” for risk-taking across all the organization’s strategic objectives. Oftentimes, this pursuit leads to results that simply aren’t meaningful to a company in its risk management process. In an effort to correct this issue, Quail explains his idea of what risk appetite should do for an organization, and also lays out a method for exploring risk appetite that drives discussion and creates measurable results.
Back to Basics
In this article, Quail reminds readers that risk appetite should:
- be oriented around improving actual business decision-making throughout the organization,
- be concretely centered around an enterprise’s strategic objectives, and
- address each strategy individually; it is not optimal to simply create a blanket risk appetite statement for the organization as a whole
Risk Appetite Methodology
The risk appetite method that Quail explains in the article primarily asks risk managers to collectively compare their organization’s so-called “target” risk appetite for each strategy with the risk appetite that their organization currently demonstrates in its actual decision-making in relation to each strategy. The risk appetites for each strategy are scored using a rating scale similar to those used in the assessment of individual risks.
Quail suggests that organizations should then plot the assessment data on a “spider charter.” This circular chart allows you to see the risk appetite for each strategy on the same graphic, and also allows for comparison of the target and actual risk appetites for each strategy. The full article contains figures showing the risk appetite assessment scale and samples of spider charts.
Overall, the author demonstrates that organizations can better incorporate risk appetite into their current ERM practices by adopting a methodology that creates measurable, comparable data about risk appetite – much like the data created by other components of the ERM process. By departing from the practice of trying to land on a blanket risk appetite statement, ERM practitioners can address each individual enterprise strategy more effectively. They can also begin to disseminate a consistent, understandable expectation regarding the degree and type of risk that decision-makers throughout the organization should be taking or avoiding on a day-to-day basis.