Page 712 - COSO Guidance
Thought Leadership in ERM | Enterprise Risk Management — Understanding and Communicating Risk Appetite | 23
Summary of Considerations
The COSO Enterprise Risk Management — Integrated Framework sets out five principles related to risk appetite:

1. It is a guidepost in strategy setting.
2. It guides resource allocation.
3. It aligns organization, people, processes, and infrastructure.
4. It reflects the entity’s risk management philosophy and influences the culture and operating style.
5. It is considered in strategy setting so that strategy aligns with risk appetite.

Risk appetite does not exist in a vacuum; rather, it is an integral part of an organization’s strategies for achieving objectives. The concept of risk appetite permeates all organizations, from charities and governments to small businesses and publicly traded corporations.

A statement of risk appetite is an effective way to communicate across an organization a sense of acceptable risks. In addition, it provides a basis for evaluating and monitoring the amount of risk an organization faces to determine whether the risk has risen above an acceptable range.

Organizations can, and should, come to terms with what they believe to be their appetite for risk. Once stated, risk appetite can be communicated and refined over time as the organization becomes more experienced with the concept.

Most importantly, developing risk appetite is the start of an organization’s commitment to effective enterprise risk management. As with pursuing corporate objectives, the end objective is adding value through effective enterprise risk management in pursuit of organizational goals. Developing and communicating a risk appetite moves organizations in that direction.
www.coso.org