Print Article

Risk appetite – Critical to Success


Boards and CEOs define the "level of Risk" organisations are willing to assume while conducting their business activities.

Is defining risk appetite a one-time activity where a percentage of an acceptable level of risk is defined? Or is there something beyond this question?

Successful organisations go beyond the definitional trap of risk appetite. They prefer to integrate the concept of risk appetite with organisational planning and decision-making processes.

Businesses' environment is dynamic, and so are business strategies, so how can the risk appetite statement remain constant? Risk appetite evolves along with the changing business circumstances, business confidence, and strategy.

Boards can learn from COSO, which has published a new thought paper on Risk appetite – Critical to Success, in May 2020.

COSO Guidance on Risk appetite – Critical to Success, May 2020

As per the new COSO guidance (re-produced from page 3 on Putting Risk Appetite into the Context of Business) –

  • Risk appetite must be flexible enough to adapt to changing conditions, helping an organisation to remain relevant in the evolving landscape.
  • For example, during good economic times, a successful and growing company may be more willing to accept certain downside risk than when economic times are bad, and business outlooks deteriorate.
  • Early applications of risk appetite often focused on financial and operational measures.
  • This focus worked well with a compliance mindset. But to excel in applying appetite, organisations need to broaden their scope, which requires viewing enterprise risk management through the lens of objectives that align with performance expectations.
  • This view expands risk appetite to include all stakeholders and to be incorporated into the organisational culture.

The COSO Enterprise Risk Management—Integrating with Strategy and Performance defines risk appetite as:-

"The types and amount of risk, on a broad level, an organisation is willing to accept in pursuit of value."

Six things to remember about Risk appetite (RA):-

  1. RA is not a separate framework it is integral to managing risk
  2. RA and Risk tolerance are related but distinct
  3. RA applies to more than the financial services industry
  4. RA is at the heart of decision making
  5. RA is much more than a metric. It is tied up to strategy.
  6. RA helps improve transparency as a well-communicated RA creates awareness of the risks the organisation is willing to assume and limit.

Organisations could look at combining Objective and Risk focus approaches and linking them on the subject of Risk Appetite. Let us look at a practical


In today's times, 'effective risk management is a real-time play between changing risk appetite, strategy, and performance. Understanding risk appetite is critical to business success.

It is the foundational step in strategic planning and integral to decision making. Organisations monitor and evaluate performance regularly; however, they fail to validate their risk appetite with emerging business scenarios, thereby leaving a risky gap in their corporate governance processes.

Precision and appropriate language are essential elements for arriving at a quality risk appetite statement.

Laser-sharp risk appetite statements focused on objectives and risk limits coupled with transparent communication to all levels go a long way in preventing avoidable events that can potentially cause losses.

Risk appetite statements should be designed at the enterprise, business unit, and the process owner level.

Such a cascading approach will create a risk-aware culture and permeate risk management practices at various decision-making stages in the organisation.

The COSO guidance suggests that organisations draw on continual improvement practices as far as Risk appetite is concerned. As part of internal reporting practices, report variation from desired risk appetite to management and the board.

Continuous validation of risk appetite is a critical factor for organisational planning and success. It is of great value in uncertain times.



The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email