There has been some talk recently about risk appetite: what it means and how it relates to a strategic plan, or even day-to-day operations.
An essential component of an Enterprise Risk Management effort: your organization’s risk appetite must be closely aligned with your strategic plan and with your approach to risk and risk mitigation efforts.
Simply stated, your risk appetite is the level of risk you are willing to assume relative to mitigation efforts required to be in place. For example, what level of risk is your organization willing to assume by making changes to your admissions strategy? Considering a more routine example, what risks are you willing to assume by creating a new program for students, or planning a student trip?
To establish your level of risk appetite, two objectives need to be met. First, to appropriately formulate your risk appetite, detailed risk assessments must be completed. A thorough understanding of your risk inventory must be established with appropriate stakeholders: identify high likelihood and high impact risks across all divisions and business functions. Second, you need be sensitive to your institution’s comfort level regarding risk. An effective Enterprise Risk Management framework will provide keen insights into all risks facing your institution and help you develop an appropriate risk appetite.
While there are many terms to describe levels of risk appetite, here are just a few.
Enthusiastic: Understanding the risks involved, willing to proceed with this knowledge because a new venture is worthy of assuming risks: benefits far outweigh risks.
Thoughtful: There may be a need for certain risk mitigation efforts.
Guarded: Risk assessments produced a number of risks requiring strong mitigating controls prior to moving forward.
Radioactive: Run far, far away.