Exploring Risk Appetite and Risk Tolerance

Enterprise risk management (ERM) has become a critical practice in organizations that are dedicated to managing uncertainty and its effect on achieving organizational objectives. ERM helps organizations focus on the most relevant risks to achieving an organization's goals and objectives, both from an operational, as well as a strategic, perspective. In this way, risk is linked inextricably with future outcomes. As noted in a November 2011 article in Risk Management Magazine entitled "Has ERM Reached a Tipping Point?", RIMS characterizes risk as "an uncertain future outcome that can either improve or worsen our position." How much risk an organization assumes, either knowingly or unwittingly, plays a large part in whether that uncertain future outcome actually improves or worsens the organization's position. Risk appetite and risk tolerance therefore are critical components of an effective ERM program. The objective of this report is to provide those responsible for risk management with: 1. An understanding and practical applications of terms used 2. Practical guidance on how to explore risk appetite and tolerance with the board of directors and executive management 3. Examples of risk appetite and tolerance approaches and statements that risk managers may be able to use or adapt for their organizations. As ERM evolves, organizations will likely advance their understanding, application and use of risk appetite and risk tolerance statements. RIMS intends for this report to provide a catalyst for discussion within individual organizations and, more broadly, among risk practitioners.