Fundamentals of Risk Management
Importance of risk appetite
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- FIgURE 25.3
- Risk culture 310
|
Importance of risk appetite
309 risk management standards, as well as those that are under development, all state that organizations should recognize their risk appetite at an early stage. Although ISO 31000 does not explicitly use the phrase ‘risk appetite’, it suggests that an organ- ization should establish the risk criteria at an early stage. This appears to contradict a key tenet of risk management, which is to say that risks should not be managed out of context. Just as risks should not be managed out of context, so the identification of risk appetite out of context is illogical and probably impossible. Risk appetite has to be identified within the context of the organization, its strategy, tactics, routine operations and compliance core processes. There can be no doubt that the topic of risk appetite will receive more attention in future, and risk management practitioners need to get a better understanding of what this concept means and how it can be applied. The riskiness index described in Chapter 14 takes a somewhat different approach. FIgURE 25.3 Risk appetite, exposure and capacity (vulnerable) Critical zone Concerned zone Cautious zone Comfort zone Impact Likelihood Risk exposure Risk capacity Actual risk exposure Ultimate risk capacity Risk culture 310 Organizations, just like individuals, do not actively seek risk. An individual may be described as a risk taker, but the reality will be that such a person enjoys activities that have a high level of risk attached. It is the activity that appeals to the individual in the first instance, not the actual risk. People may be identified as risk takers because they have a high-risk hobby or pastime. That does not mean that the risk taking for this individual will extend to crossing a busy road without looking. In other words, risk taking has to be seen within the context of the activity and the intended rewards. Organizations are similar in that it is the strategy, project or activity that appeals to the board, not the actual risk. An organization may embark on a risky strategy, approve a risky project or be operating risky activities or core processes. However, it is the business drivers and imperatives that are the primary concern for board mem- bers, not the level of risk involved. It is more often the case that the level of risk comes with the defined strategy, rather than the risk appetite defining the strategy. Download 3.45 Mb. Do'stlaringiz bilan baham: 
|