Few concepts of enterprise risk management (ERM) have stimulated more discussion, debate, and confusion than “risk appetite.” This chapter describes an approach for the development of a meaningful expression of risk appetite in the context of the overall strategic objectives of an organization.

INTRODUCTION

Many ERM authorities seem to agree that risk appetite is a vitally important aspect of ERM. For example, the National Association of Corporate Directors (NACD) has said, “a risk appetite statement resides at the heart of an effective risk management program and is linked to the organization's overall risk management philosophy and strategic ambition” (NACD 2009). The Committee of Sponsoring Organizations (COSO) has gone so far as to state that “at its core, risk appetite is critical to organizational success” (COSO 2020).

Some regulators, especially in the financial services sector, agree. For example, the Basel Committee on Banking Supervision (BCBS) advises that boards “should approve and review a risk appetite and tolerance statement for operational risk that articulates the nature, types, and levels of operational risk that the bank is willing to assume” (BCBS 2011). The Financial Stability Board issued a guidance on Risk Appetite Frameworks that said “Establishing an effective Risk Appetite Framework helps to reinforce a strong risk culture at financial institutions, which in turn is critical ...