Risk Appetite and Tolerance November 2018 The Institute
Risk Appetite and Tolerance November 2018 The Institute of Operational Risk Scottish Conference 2018 ©
Agenda • Appetite and Tolerance • Hygiene Factors • Practical Considerations • 5 Success Factors • Questions ©
Appetite v Tolerance Appetite. . . . what we want to do “The amount and type of risk that an organisation is willing to take and retain in order to meet their strategic objectives. ” Tolerance. . . what we don’t want to do “When push comes to shove the organisation might just be able to put up with it. ” ©
Hygiene Factors • Capacity, Capability and Maturity • Integration with Control Environment • Flexibility: strategic, tactical and operational level • Behaviours • Governance • Relevance ©
Practical Considerations • Theory versus Practice • Allocation below Executive • Relationship with Risk Framework • Commerciality ©
5 Success Factors 1. Managers making decisions understand the degree to which they (individually) as permitted to expose the organisation to the consequences of an event or situation. 2. Executives understand their aggregated and interlinked level of risk so that they can determine whether it is acceptable (or not). 3. Board and Executive leadership understand the aggregated and interlinked level of risk for the organisation as a whole. 4. Managers and Executive are clear that risk appetite is not a constant. It changes as the environment and business conditions change. 5. Risk decisions are made with full consideration of risk and reward. Risk Appetite Frameworks support achieving business objectives NOT preventing them.
- Slides: 6