Risk Appetite | Notion

Overview

Risk appetite refers to the amount and type of risk that a business is willing to accept in pursuit of its objectives. It's a critical concept in risk management, as it sets the level at which risks are not being managed effectively.

In StartRisk a risk appetite is set for each Risk Class using the following risk appetite categories:

Appetite	Description of Appetite
Avoid	The business will avoid these risks event when the potential benefits are high.
Resist	The business prefers safer options with only a small amount of risk exposure.
Accept	The business will accept a reasonable level of risk where protections are able to be implemented.
Encourage	The business actively encourages risk taking where the potential benefits are high.

Risk appetites are set during the onboarding stage in StartRisk. They are essential to the risk management process as they set the basis on which risks are assessed as being within or outside of appetite. Risks assessed as outside of appetite are then highlighted as ‘risk exceptions’ in reporting for awareness and action.

Screenshot 2024-03-04 at 11.45.04 am.png

Risk apptite may be required to be changed in certain circumstances. For example if the appetite is leading to an over-reporting of risk exceptions or if there is a change in strategic objectives. Risk Class owners are able to change the appetite from the risk class page by clicking the settings icon.

Key Concepts

Risk Appetite is the amount of risk that a business is willing to accept or retain in pursuit of its objectives. Risk appetites are set for each Risk Class.

Risk Appetite Statement is a formal declaration outlining the types and levels of risk a business is willing to accept in its pursuit of value.

Example

Let's compare the risk appetite of two different businesses: a not-for-profit charity and a technology startup.

Not-for-Profit Charity: This business has a low risk appetite , particularly in operational risk, to safeguard its reputation and donor trust. For them, an ‘Avoid’ risk appetite would emphasise minimal tolerance for operational failures, strict compliance with legal and ethical standards, and a conservative approach to financial management. They would likely have tight control mechanisms to ensure that operational risks are kept to a minimum.
Technology Startup: Contrarily, a tech startup might have a high risk appetite, especially in operational aspects, to foster innovation and rapid growth. An ‘Encourage’ risk appetite would highlight a willingness to embrace significant risks in pursuit of market disruption and rapid scaling. Their risk thresholds would be set higher, allowing for more significant variations in operational processes and a more aggressive pursuit of opportunities, even if they carry higher risk levels.

A reasonable question to ask would be “Why track risks when you encourage risk taking?” The answer to that is to be able to be responsive to changes in risk appetite. Let’s say that 12 months has progressed and the technology startup has achieved product market fit and now their objective is to scale their business. To scale a business you want repeatable, reliable and efficient operational processes so their appetite may change to ‘Resist’. Having a record of the risks that emerged while they were being encouraged serves as a great reference point to now start adding in control processes to manage those risks.