Printable versionSend by emailPDF version
December 18, 2017

The two sides of risk

For an organisation to remain competitive in today’s challenging business environment, an optimal balance must be achieved between risk retention, mitigation, and transfer. An organisation should take risk on a controlled and informed basis in pursuit of its business objectives. How much risk an organisation can and may wish to take on board will depend on many factors including the environment it operates in, its stakeholder’s expectations, the nature and culture of its business and the capacity it must cope with absorbing risk without negatively impacting its objectives, otherwise known as its ‘risk capacity’. Understanding clearly the differences between the two sides of risk – threat and opportunity - is a key business enabler for organisations.

Adaptable frameworks

It is recognised that whilst there is a need to articulate how much risk an organisation should take using a format that can be understood by the organisation as a whole, formats will vary considerably between different business environments, including size, complexities, and maturity of the entities in question. There is no one size fits all approach. For example, an organisation operating in a highly regulated environment may have its approach to risk-taking defined through its processes and procedures and make very little reference to a stand-alone framework document.

Supporting better business decisions

More important is how the framework is designed and guidelines are used to drive improved business decisions which in turn drive performance and support the achievement of business objectives. Providing assurance to senior stakeholders that risk is being taken within specified limits is important. However, supporting improved decision making by clearly articulating risk appetite against future risk scenarios is a real driver of reducing future uncertainty and financial volatility. A clear link between strategies, the business model, the business plan, the related Key Performance Indicators (KPIs) and risk limits that help to define appetite, should be established.

The report below offers an alternative view on how best to implement a risk appetite that is explicitly linked to key business decisions – no matter whether you choose to call it risk appetite or simply risk-informed management of the business.

Click here to download our report.