A survey by IBM sought input from a pool of representative financial institutions to better understand the various connections between risk appetite and key risk-related business processes.  This research was based on the belief that risk appetite is the cornerstone to modern bank management.  The study showed that while good foundations exist, there is still a strong desire to enhance the management of risk appetite through a stronger partnership among risk, finance and the business. 

The survey questions were designed to consider all five aspects of risk appetite:

The business strategy

Survey respondents unanimously agreed that a company’s risk appetite should reflect its business strategy, particularly when evaluating strategic decisions regarding mergers and acquisitions, product portfolio and geographical expansion.  Operational and organizational design ranked as having a less direct relationship with risk appetite. 

The expectations of stakeholders at different time horizons

The difficulty of considering both short-term and long-term time horizons has been recognized by the business community.  With the limitations of risk measurements and their ability to consider many horizons, most respondents agree that the best way to tackle the issue is to clearly state time preferences when making business decisions.

The characteristics of the risk-bearing entities

Every survey respondent agreed that an organization’s risk management capabilities should be reflected in its risk tolerance.  Skills, processes and systems should be considered at all units and business lines.

The nature and characteristics of the risks undertaken

The magnitude of a risk alone can’t be the defining factor in making decisions about its exposure since mathematical calculations alone do not take into consideration the complexity of event dynamics or human judgment.  However, a key consideration is focusing on the ability to reduce one risk exposure over another. 

The possible contagion of risk situations across organizational units, assets-at-risk, and future time horizons

One of the biggest lessons the recent financial crisis has taught is the capability of losses to occur on assets that are far removed from the initial impact.  Contagion paths, whether or not formed through financial linkage, can be difficult to spot and catastrophic at the same time.  Identifying all sources of potential risk is necessary for both overall risk management and discovering contagion.  Albeit ambitious, the majority of respondents noted that contagion is a major factor to consider.

The survey also reported the following findings on risk appetite:

  • Over 75% of respondents allocate capital after decisions are made rather than according to risk appetite.
  • A large portion of respondents limit the management of risk appetite to the setting of indicators at the beginning of the capital planning cycle. 
  • 27% have implemented risk appetite management at the enterprise level.
  • Almost all respondents assess risk appetite on a qualitative basis, although a shift towards more quantitative measure is expected in the coming years.
  • Rating agencies, executives and directors were seen as the most sensitive to risk appetite.
  • The survey indicated most companies see data, data integration and quality as the most significant challenge to implementing the processes required for effective risk appetite management but also believe that existing data and processes can be leveraged upon.


IBM believes risk appetite should be brought to the forefront of discussions in organizations that are attempting to integrate risk and finance management progressively integrated in day-to-day management systems.  The components of risk management suggested by IBM to be applied on a consistent basis include:

1. Business Management: Drive behavior
2. Financial Management: Optimize value creation
3. Prudential Compliance: Meet prudential requirements
4. Risk Management: Tailor risk profile
5. Enterprise Decisioning: Select projects and transactions

Click below to download article

Link: IBM Financial Services

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2008-04-01