Page 699 - COSO Guidance
10 | Enterprise Risk Management — Understanding and Communicating Risk Appetite | Thought Leadership in ERM
This example illustrates how risk appetite and strategy interact at the highest levels of an organization. The discussion of risk appetite guided the university’s strategies for dealing with issues such as budget cuts and their effect on teaching, research, service, and operations.

Financial Services Organization: This company considers quantitative measures to be part of setting risk appetite, and it focuses on economic capital as a primary measure. The company manages its financial operations to attain a reasoned risk/return relationship, which serves as a guideline for acceptable credit risks, market risks, and liquidity risks. The company’s business operations also involve risks related to strategic, reporting, compliance, and operations objectives.

This organization’s view of risk appetite specifies not only risk appetite but also acceptable tolerances around that risk appetite that require action to be taken. For example, the company communicates its risk appetite for loan impairment losses by stating that such losses should not exceed 0.25% of the loan portfolio. The company has a low tolerance for exceeding this level, and significant remediation is expected should losses go beyond 0.28%. The same company has a low risk appetite related to its insurance business, stating that claims incurred should be no more than 70% of insurance premium revenue.

This organization reviews its risk appetite annually, adjusting it by type of risk and setting target values for risk-specific indicators in light of the economic cycle and market prospects. The board reviews the risk appetite and associated policies whenever the economic outlook changes significantly.
www.coso.org