Question

Telecommunication Governance 1:

Note:Very Important to add at least 4 bibliographical sources and must cover at least 3 pages of information.

Explain in detail, illustrate examples and applications:

Define and explain Risk Appetite and Risk Tolerance and Threshold, explain their importance in the establishment of a sound ERM plan.

Answer 1

Risk appetite and tolerance

Risk appetite can be defined as ‘the amount and type of risk that an organisation is willing to take in order to meet their strategic objectives. Organisations will have different risk appetites depending on their sector, culture and objectives. A range of appetites exist for different risks and these may change over time.

Risk appetite and tolerance need to be high on any board's agenda and is a core consideration of an enterprise risk management approach. IRM’s guidance provides practical direction, advice and information to support boardroom debate.

While risk appetite will always mean different things to different people, a properly communicated, appropriate risk appetite statement can actively help organisations achieve goals and support sustainability.

“The risk appetite statement is generally considered the hardest part of any enterprise risk management implementation. However, without clearly defined, measurable tolerances the whole risk cycle and any risk framework is arguably at a halt”. Jill Douglas, Head of Risk, Charterhouse Risk Management

Risk appetite and performance

While risk appetite is about the pursuit of risk, risk tolerance is about what an organisation can actually cope with.

Organisations have to take some risks and avoid others. To do so, they need to be clear about what successful performance looks like. This question may be easier to answer for a commercial organisation than for a government department, but can usefully be asked by boards in all sectors.

At its most fundamental level, risk appetite is “the level of exposure an organization is willing to take” in pursuit of strategic objectives, according to the ISO 31000:2018 ERM standard.

Risk appetite should be used continuously, but it especially becomes important during the risk assessment and analysis phases of the process when decisions have to be made on how to handle a particular risk or opportunity.

Executives express the level of risk they’re will to take in a specific area through a risk appetite statement.

CEB/Gartner explains that a well-defined and properly communicated risk appetite statement:

The concept of risk appetite is probably the most confusing and controversial part of the enterprise risk management process.

If you do a search for risk appetite, you will find a wide variety of perspectives on how to develop and use it.

While there may be an implied risk appetite or a generic statement on file somewhere in the organization, it is too often not a useful tool for knowing the right type and amount of risk decision-makers should take in pursuit of strategic objectives.

As any risk professional will tell you, there is sometimes confusion and misunderstanding around terms used widely in the field of risk management. If you want to know the exact definition of a specific risk term by researching it on the internet, you may come across multiple definitions for the same term. This can be frustrating for people who need to explain risk management concepts within their organization and implement .

If you are building your risk management framework, and need to define risk management terms, you will likely need to understand and define “Risk Appetite”. If you do a search on the internet for risk appetite, you will find many explanations that define risk appetite as the level of risk that an organization can tolerate. Evidently, many professionals use risk appetite and risk tolerance interchangeably. This can lead to errors in your framework because: 1) both are different and distinct concepts, 2) risk appetite has a somewhat clear definition, and is not just a fancier synonym for risk tolerance, 3) risk tolerance is itself not well defined, meaning there are different interpretations of what it means.

In this post, we will demystify risk appetite and risk tolerance, with the hope that it helps you understand both concepts, so that you can integrate them in your framework.