Page 44 - RMAI Bulletin July - September 2021
P. 44
RMAI BULLETIN JULY TO SEPTEMBER 2021
Glossary
Risk Appetite Framework Risk Treatment
The overall approach, including policies, processes, In enterprise risk management terms, risk treatment
controls, and systems through which risk appetite is refers to the strategies and steps taken to reduce,
established, communicated, and monitored within an remove, avoid, transfer or otherwise alter the level of
organization. It includes an overall risk appetite a risk. Treatment options can involve deploying
statement that is usually followed by a series of more additional proactive and reactive risk mitigations,
specific statements for certain situations (usually by signing legal agreements to transfer a portion of risk
risk category). It also includes roles and responsibilities to a third party, or deciding to cease activities which
of establishing and monitoring of the risk appetite could lead to the risk. Risk treatment approaches are
framework. taken in order to bring risk levels in line with the
desired risk thresholds set by the board of directors
and executive team in the organization's risk appetite.
Risk Profile
In enterprise risk management terms, risk profile
Risk Velocity
usually refers to a summary of the top risks facing an The speed at which a risk is expected to emerge from
organization i.e. the aggregate level of residual risk root causes, crystallize into an actual risk event and
across the ERM program. It is used as a baseline or then translate into consequences. Risk velocity can also
barometer of total enterprise risk. Historically, risk be thought of as Time to Impact. Some ERM
profile was communicated in risk-centric views, such practitioners use risk velocity as an additional variable
as excerpts from a risk register or a classic heat map. to assess risks, in addition to likelihood and impact. For
example, two serious risks may have the same rating
Risk Register of likelihood and impact, but one risk may occur and
A summary listing of the organization's risks, along lead to consequences immediately, whereas the other
with their ratings (scores or risk levels) and a summary develops slowly over a period of months or years.
of the actions being taken in response to the risk. Risk
registers used in enterprise risk management are Strategic Risk
unique in that they tend to focus on a relatively small Strategic risk Exposure to uncertainty arising from
long-term business planning and execution. For
number of strategic or enterprise-wide risks. These
enterprise risks are monitored and reported on to the example, strategic risk might arise from making poor
business decisions (or failing to make decisions), from
executive team and board of directors on a regular
basis. the substandard execution of decisions, from
inadequate resource allocation, or from a failure to
respond well to changes in the business environment.
Risk Tolerance
We do not use the term risk tolerance in our models Stress Testing
or our Essential ERM system because there are several Stress testing is a simulation technique often used in
interpretations of the term and no clear consensus on the banking industry. Stress testing is also used on
its use. Risk tolerance may be used as a synonym for asset and liability portfolios to determine their
risk appetite or a synonym for risk capacity. Still others reactions to different financial situations. Additionally,
use it in a more granular fashion to track and monitor stress tests are used to gauge how certain stressors will
variances against key risk indicators. affect a company, industry or specific portfolio. T
42
