"Would you rather?" is a party game that poses dilemmas by asking questions starting with "would you rather?". As an example:

Would you rather be 10 minutes late or 20 minutes early?

This simple game illustrates the principles of risk appetite and risk/reward decision-making.

A commonly used decision-making technique poses the questions:

  1. Can I?
  2. Should I?

Can I?

This is the first decision-making “gate”. It involves making an assessment as to the level of risk involved in each alternative choice and comparing those to your personal risk appetite. This requires the identification of the risks and related impacts for each alternative. For example:

  • one risk of being 10 minutes late might be the risk of upsetting whoever you are meeting, leading to your reputation being damaged.
  • one risk of being 20 minutes early may be the lost opportunity of being able to do something else in that time.

Applying your personal risk appetite, you need to ask:

Is that risk outside, or within, my risk appetite?

Personally, the risk relating to being late is outside of my risk appetite while the risk relating to being early is within my risk appetite. The choice for me is therefore easy as I “can’t” do the one that is outside of appetite (being 10 minutes late), but I can accept being 20 minutes early. Related article: Risk Appetite - Inherent and Residual?

Should I?

Where both alternatives are within appetite, you need to move to decision gate two – Should I?

The “Should I?” test involves weighing up the benefits/costs with the level of risk. Where the net benefits/costs outweigh the risk, you should do it, where they do not, you should not.

For example, if both alternatives are within appetite, you would then bring in the time cost. Being 20 minutes early costs you 20 minutes of your time, 10 minutes late, provides you with an extra 10 minutes. You then compare these different time costs/benefits against your assessment of the related risks and select the one which has the best benefit/cost to risk ratio.

Where the game becomes interesting is where both alternatives are outside of appetite. The resulting stress and discomfort of the person being forced to select is obvious. In business, we should be rejecting both alternatives!

The role of risk appetite

Risk appetite plays a crucial role in the correct governance and operations of a successful organisation. In addition to Risk Appetite being used for decision making as outlined above, it should also be used to provide assurance (or lack thereof) to executive management and boards regarding the level of risk within the organisation. 

Risk appetite explicitly sets the boundaries within which our people have freedom to:

  • Take risks
  • Undertake activities
  • Fail
  • Make decisions

Often these boundaries have developed over time from the bottom up, driven by the personal risk appetites of the various staff who have passed through the role. This is dangerous as it may not reflect the desired risk appetite of the organisation.

It is therefore critical that risk appetite is set from the top-down. It should be set by the executive and board but be specifically “owned” by the board.

A well-articulated and operationalised risk appetite is a critical component of a robust enterprise risk management framework. Do you have one?

Want to learn more?

Risk appetite is an enabler, providing a "pool" of risk to be used to create value. It helps identify excessive risk-taking and also where not enough risk is being taken. Watch the webinar recording on this important topic.



Related Articles

feature image
Risk Management

Are topical Top 10 risk lists helpful?

The World Economic Forum recently released its Global Risks Report for 2023. My social networks were abuzz with summaries of the top risks – or...
Read more
feature image
Risk Management

Controls Design and Assurance webinar: Poll results and Q&A

Protecht held a webinar on Controls Design and Assurance earlier this month. The attendees completed several polls and asked a range of questions,...
Read more
feature image
Risk Management

How WorldRemit uses Protecht to manage risk across 130 countries

Specialising in digital P2P money transfers, WorldRemit is a fast-growing remittance firm. Over the last twelve years, the business has grown to...
Read more