The concept of risk-appetite has been around for years, yet so many risk practicioners still find themselves confused and unsure how to quantify, formalise and document it. Well, the short answer is YOU DON’T NEED TO. There is a better way.

First, disclaimers. The following article only applies to non-financial companies, just like everything else I publish. In banks risk appetite may still work fine. I wouldn’t know 🙂 Whenever I say something is broken I offer an alternative that works much better. You just have to be patient and finish reading the article.

Most organisations have already documented their appetites for different common decisions or business activities. Segregation of duties, financing and deal limits, vendor selection criteria, investment criteria, zero tolerance to fraud or safety risks – are all examples of how organisations set risk appetite. Appetites for different kinds of risks has been around for decades. Not all risks…

View original post 453 more words