risk appetite

Contributor(s): Emily McLaughlin
This definition is part of our Essential Guide: Enterprise risk management strategy: A planning guide for CIOs

In risk management, risk appetite is the level of risk an organization is prepared to accept.

Risk appetite constraints are not easy to define; every organization can tolerate different levels of risk. It is important, however for the organization to establish a common understanding of risk and be prepared for the likelihood and impact of known threats. Organizations should define the maximum level of risk tolerance in each area of risk before taking action.

Organizations sometimes express their risk appetite through the creation of a risk appetite statement, a document that helps guide organizational risk management activities. The statement should be based on a review of the perspectives and concerns of all stakeholders and address the implications of current corporate strategies and practices. 

See also: risk assessment framework

This was last updated in August 2013

Continue Reading About risk appetite

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.


File Extensions and File Formats

Powered by: