
Risk Appetite – it’s slippery by Matthew Humphrey

14 June 2021      Nkechi Ijeomah, CHEIA Administrator

Risk appetite: complicated to understand, a challenge to establish, difficult to apply. Many boards give up. However, I think the risk appetite conversation is a healthy (essential) boardroom discussion, exploring as a collective what type of risk we are facing, how much risk we are exposed to, and how much risk we are prepared to take in pursuit of our objectives. If we understand this, then we are in a much better position to manage risk in making decisions, monitoring and assurance.

Decision making

  • Using risk appetite themes to aid risk identification across operations.
  • Explicitly including risk appetite implications, and how these will be addressed (if required), in all reports to the board or its sub-committees.
  • Inclusion of risk appetite themes and levels in all agendas for management meetings to keep at the forefront, in view and act as a point of reference.

Monitoring

  • Alignment of existing risks with risk appetite themes across the organisation.
  • Reporting the volume (and approximation of cumulative exposure) of risks by risk theme versus risk appetite.
  • Development of a set of KRIs and tolerances to help measure and inform risk appetite.

Assurance

  • Creation of a set of strategic risks reflective of the risk appetite themes and the development of an assurance map (Board Assurance Framework) in connection with the key risk control environment.
  • Using risk appetite to guide the development of the Internal Audit Plan.
  • Reporting on emerging risk exposures and the risk appetite implications.

Like I said, “it’s slippery”.

Matthew Humphrey is commercial head of RSM's Insight4grc (www.insight4grc.com) and ERM advisory. He previously headed internal audit functions and in 2001/2 designed and made ready the then largest Local Government Internal Audit Consortium involving 5 councils as well as a private sector partner. Since then he has assisted numerous organisations from all sectors refine, design and develop their enterprise GRC arrangements, including authoring of the Polish Government risk management guide.
 


