Overview

Risk appetite refers to the amount and type of risk that a business is willing to accept in pursuit of its objectives. It is a critical concept in risk management because it sets the level beyond which risks are considered not to be managed effectively.

In StartRisk a risk appetite is set for each Risk Class using the following risk appetite categories:

Appetite     Description of Appetite
Avoid        The business will avoid these risks even when the potential benefits are high.
Resist       The business prefers safer options with only a small amount of risk exposure.
Accept       The business will accept a reasonable level of risk where protections are able to be implemented.
Encourage    The business actively encourages risk taking where the potential benefits are high.

Risk appetites are set during the onboarding stage in StartRisk because they are essential to the risk management process: they set the basis on which risks are assessed as being within or outside of appetite. Risks assessed as outside of appetite are then highlighted in reporting for awareness and action.

Key Concepts

Risk Appetite is the amount of risk that a business is willing to accept or retain in pursuit of its objectives. Risk appetites are set for each Risk Class.

Risk Appetite Statement is a formal declaration outlining the types and levels of risk a business is willing to accept in its pursuit of value.

Example

Let's compare the risk appetite of two different businesses: a not-for-profit charity and a technology startup.

A reasonable question to ask would be “Why track risks when you encourage risk taking?” The answer is that tracking lets the business be responsive to changes in risk appetite. Let’s say that 12 months have passed and the technology startup has achieved product-market fit, and its objective is now to scale the business. To scale a business you want repeatable, reliable and efficient operational processes, so its appetite is now ‘Resist’. Having a record of the risks that emerged while risk taking was being encouraged serves as a great reference point for starting to add control processes to manage those risks.