Page 475 - COSO Guidance
P. 475
Risk Appetite — Critical to Success | 3
PUTTING RISK APPETITE INTO CONTEXT OF THE BUSINESS
Every organization must accept that taking risks to innovate
and grow is inherent to business. To not do so leaves
the organization vulnerable to losing ground to other
competitive organizations. The challenge is to know the
right amount of risk necessary to sustain innovation and
growth across the organization. With that knowledge, an
organization can determine which strategies to adopt and
which objectives to pursue.
Risk appetite must also be flexible enough to adapt to
changing conditions, helping an organization to remain
relevant in the evolving landscape. For example, during good
economic times, a successful and growing company may
be more willing to accept certain downside risk than when
economic times are bad and business outlooks deteriorate.
Early applications of risk appetite often focused on financial
and operational measures. This focus worked well with
a compliance mindset. But to excel in applying appetite,
organizations need to broaden their scope, which requires
viewing enterprise risk management through the lens of
objectives that align with performance expectations. This
view expands risk appetite to include all stakeholders, and
to being incorporated into the organizational culture.
Such a view can be articulated in a statement on how an
organization intends to make decisions in managing risk.
A sample statement might be as follows:
We will pursue innovation to improve customer service
and efficiency in operations unless such innovation
potentially elevates risk relating to internal capabilities
or creates risk of significant disruption to business
operations. Innovation that creates significant risk about
ongoing financial performance will be considered where
regulatory compliance risks are unacceptably high.
c oso . or g
