JHS Associates

Risk Appetite is Linked to Strategy, Confidence and Circumstances

Risk Management

Contributed by Huzeifa Unwala, Senior Partner, JHS & Associates LLP

Evolution imperative

Boards and CEOs define the \”level of Risk\” organisations are willing to assume while they conduct their business activities.  Is defining risk appetite a one-time activity where a percentage of an acceptable level of risk is defined? Or is there something beyond this question. Successful organisations go beyond the definitional trap of risk appetite. They prefer to integrate the concept of risk appetite with organisational planning and decision-making processes.

Businesses\’ environment is dynamic, and so are business strategies, so how can the risk appetite statement remain constant? Risk appetite evolves along with the changing business circumstances, business confidence, and strategy.

In the current context, risk appetite has dramatically reduced while organisations are struggling to cope with the CoVID 19 pandemic. During this phase of the health pandemic, Boards and CEOs are not in the mood to on-board growth risks that have any downside. They are drawing the risk boundaries in terms of organisational capability, skills, and capacity.

COVID 19 is compelling Boards and CEOs to re-engage with stakeholders to re-define their risk appetite metric that goes beyond the traditional one-liner risk appetite statements. Boards can learn from COSO that has published a new thought paper on the subject of Risk appetite – Critical to Success, in May 2020.

COSO Guidance on Risk appetite – Critical to Success, May 2020

As per the new COSO guidance (re-produced from page 3 on Putting Risk Appetite into the Context of Business) – Risk appetite must be flexible enough to adapt to changing conditions, helping an organisation to remain relevant in the evolving landscape. For example, during good economic times, a successful and growing company may be more willing to accept certain downside risk than when economic times are bad, and business outlooks deteriorate. Early applications of risk appetite often focused on financial and operational measures. This focus worked well with a compliance mindset. But to excel in applying appetite, organisations need to broaden their scope, which requires viewing enterprise risk management through the lens of objectives that align with performance expectations. This view expands risk appetite to include all stakeholders, and to be incorporated into the organisational culture.

The COSO Enterprise Risk Management—Integrating with Strategy and Performance defines risk appetite as:-
\”The types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value.\”
Six things to remember about Risk appetite (RA):-
1. RA is not a separate framework it is integral to managing risk
2. RA and Risk tolerance are related but distinct
3. RA applies to more than the financial services industry
4. RA is at the heart of decision making
5. RA is much more than a metric. It is tied up to strategy.
6. RA helps improve transparency as a well-communicated RA creates awareness of the risks the organization is willing to assume and limit.

Organisations could look at combining Objective and Risk focus approaches and linking them on the subject of Risk Appetite. Let us look at a practical illustration published in the COSO guidance on page 15 for a Natural Food Company: – 

\"Risk

Conclusion

In today\’s times, \’ effective risk management is a real-time play between changing risk appetite, strategy, and performance.  Understanding risk appetite is critical to business success. It is the foundational step in strategic planning and integral to decision making. Organisations monitor and evaluate performance regularly; however, they fail to validate their risk appetite with emerging business scenarios, thereby leaving a risky gap in their corporate governance processes.

Precision and choice of appropriate language are essential elements for arriving at a quality risk appetite statement. Laser-sharp risk appetite statements that are focused on objectives and risk limits coupled with transparent communication to all levels go a long way in preventing avoidable events that have the potential to cause losses.

Risk appetite statements should be designed at the enterprise, business unit, and the process owner level. Such a cascading approach will create a risk-aware culture and permeate risk management practices at various decision-making stages in the organisation. The COSO guidance suggests that organisations draw on continual improvement practices as far as Risk appetite is concerned. As part of internal reporting practices, report variation from desired risk appetite to management and the board.

Continuous validation of risk appetite is a critical factor for organisational planning and success. It is of great value in uncertain times.

  ­­­­­­­­­­­­­­­­­­­­­_________________________________________________________________________________

[Views expressed by the author are personal; they do not represent the views of JHS & Associates LLP. This article publishes insights from the COSO guidance release dated May 2020 on the subject of Risk Appetite and practical experiences of the author on this subject. Readers are advised to read the COSO guidance and applicability of the information to specific situations should be determined through consultation with professional advisers].

Share your love
Apply Now

Maximum file size: 3MB