Fundamentals of Risk Management
Importance of risk appetite
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Point B Increasing loss Increasing gain Increasing hazard exposure Increasing opportunity investment
- Risk culture 308
|
Importance of risk appetite
307 FIgURE 25.2 Risk and uncertainty Range of possible outcomes (95%) Risk appetite Point A Best possible outcome (95%) Worst possible outcome (95%) Hazard exposure Control acceptance Opportunity investment Range of possible outcomes (95%) Risk appetite Point B Increasing loss Increasing gain Increasing hazard exposure Increasing opportunity investment willing to accept exposure to certain hazard risks as part of its normal operations. Guide 73 defines risk appetite as the ‘amount and type of risk that an organization is willing to pursue or retain’. There will be a cost associated with hazard risks, both in terms of the cost of incidents that do occur and also in terms of the cost of loss-prevention, damage- limitation and cost-containment activities, including insurance costs. For each hazard risk, there will be a range of possible outcomes, all of them negative, and this is illustrated in Figure 25.2. The organization will need to quantify the possible hazard risks and costs associated with those risks. It should be able to decide how much hazard risk it will tolerate, and this is part of the total risk appetite. Although the organization may decide how much hazard risk it will tolerate, the actual exposure to hazard risks may be greater than anticipated. Many hazard risks are subject to legislation and organizations therefore face the compliance risks associated with that regulated hazard. Almost all organizations tend to have a zero-risk appetite for non-compliance with legislation. Risk culture 308 Also, all organizations face uncertainties and the control risks that give rise to these uncertainties. These are risks linked to events that, if they materialize, will have uncertain outcomes. As an example of control risks, if all fraud controls in an organization were removed, there would be a net saving represented by the cost of the controls. However, fraudulent behaviour might result and substantial losses might be suffered, but there would be uncertainty about how much fraud would actually result from the removal of all controls. There will be control risks embedded within the projects that the organization is currently undertaking. The cost of necessary controls may be part of the overall budget for a project. When planning a large project, it would be unwise not to include the cost of necessary controls in the budget for the project. The cost of the controls within the project budget represents the control acceptance of the organization. Download 3.45 Mb. Do'stlaringiz bilan baham: 
|