Introducing Marketplace: Fast-track your ERM system implementation
Learn More

"Would you rather?" is a party game that poses dilemmas by asking questions starting with "would you rather?". As an example:

Would you rather be 10 minutes late or 20 minutes early?

This simple game illustrates the principles of risk appetite and risk/reward decision-making.

A commonly used decision-making technique poses the questions:

  1. Can I?
  2. Should I?

Can I?

This is the first decision-making “gate”. It involves making an assessment as to the level of risk involved in each alternative choice and comparing those to your personal risk appetite. This requires the identification of the risks and related impacts for each alternative. For example:

  • one risk of being 10 minutes late might be the risk of upsetting whoever you are meeting, leading to your reputation being damaged.
  • one risk of being 20 minutes early may be the lost opportunity of being able to do something else in that time.

Applying your personal risk appetite, you need to ask:

Is that risk outside, or within, my risk appetite?

Personally, the risk relating to being late is outside of my risk appetite while the risk relating to being early is within my risk appetite. The choice for me is therefore easy as I “can’t” do the one that is outside of appetite (being 10 minutes late), but I can accept being 20 minutes early. Related article: Risk Appetite - Inherent and Residual?

Should I?

Where both alternatives are within appetite, you need to move to decision gate two – Should I?

The “Should I?” test involves weighing up the benefits/costs with the level of risk. Where the net benefits/costs outweigh the risk, you should do it, where they do not, you should not.

For example, if both alternatives are within appetite, you would then bring in the time cost. Being 20 minutes early costs you 20 minutes of your time, 10 minutes late, provides you with an extra 10 minutes. You then compare these different time costs/benefits against your assessment of the related risks and select the one which has the best benefit/cost to risk ratio.

Where the game becomes interesting is where both alternatives are outside of appetite. The resulting stress and discomfort of the person being forced to select is obvious. In business, we should be rejecting both alternatives!

The role of risk appetite

Risk appetite plays a crucial role in the correct governance and operations of a successful organisation. In addition to Risk Appetite being used for decision making as outlined above, it should also be used to provide assurance (or lack thereof) to executive management and boards regarding the level of risk within the organisation. 

Risk appetite explicitly sets the boundaries within which our people have freedom to:

  • Take risks
  • Undertake activities
  • Fail
  • Make decisions

Often these boundaries have developed over time from the bottom up, driven by the personal risk appetites of the various staff who have passed through the role. This is dangerous as it may not reflect the desired risk appetite of the organisation.

It is therefore critical that risk appetite is set from the top-down. It should be set by the executive and board but be specifically “owned” by the board.

A well-articulated and operationalised risk appetite is a critical component of a robust enterprise risk management framework. Do you have one?

Want to learn more?

Risk appetite is an enabler, providing a "pool" of risk to be used to create value. It helps identify excessive risk-taking and also where not enough risk is being taken. Watch the webinar recording on this important topic.

20220317-risk-appetite-webinar-linkedin-1-recording

 

Related Articles

feature image
Compliance Management, Risk Management, Risk Manager

Are you allocating enough resources to compliance and risk management, and are you getting a positive ROI?

Macquarie Group has disclosed in its latest financial results that the group spent $785 million on compliance in the year to 31 March 2022, a 22%...
Read more
feature image
Webinars, Protecht.ERM

Operational Resilience Leadership Webinar Wrap Up

The drivers of operational resilience are creating a perfect storm. On one hand, the financial services regulators are demanding action while on the...
Read more
feature image
ERM, Risk Manager, Operational Resilience

Investing in Operational Resilience – the most lucrative investment you will ever make!

The World Economic Forum has estimated that “Fighting COVID-19 could cost 500 times as much as pandemic prevention measures”[1]. This means that an...
Read more