This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
4. - Risk management terms for CIOs: Read more in this section
Explore other sections in this guide:
- 1. - Enterprise risk management is not to be overlooked
- 2. - Risk advice from Baroness Pauline Neville-Jones
- 3. - Innovative enterprise risk management strategy for new technologies
In risk management, risk appetite is the level of risk an organization is prepared to accept.
Risk appetite constraints are not easy to define; every organization can tolerate different levels of risk. It is important, however for the organization to establish a common understanding of risk and be prepared for the likelihood and impact of known threats. Organizations should define the maximum level of risk tolerance in each area of risk before taking action.
Organizations sometimes express their risk appetite through the creation of a risk appetite statement, a document that helps guide organizational risk management activities. The statement should be based on a review of the perspectives and concerns of all stakeholders and address the implications of current corporate strategies and practices.
See also: risk assessment framework