James Hart
Manager
What is it and how do I set a Risk Appetite?
Earlier this year, we published an overview of what risk management is, how risk can be managed, and what the benefits of risk management are. In taking the effectiveness of risk management one step further, you may have heard the term ‘risk appetite’ mentioned. But what does this mean?
Risk appetite is a statement set by those responsible for risk management (the Board of Trustees) to determine the level of risk the Trust is willing to take in pursuit of objectives it deems have value. Risk appetite does not have to be the same for all areas across the Trust. For example, if we take risks to reputation, the Trust may take a risk averse approach, noting that the impacts of said risk could cause significant damage to the achievement of objectives (on recruitment, student numbers and ultimately funding etc.). However, it may take a more risk tolerant approach to organisational change and development, as it is a well performing Trust that is looking to grow and expand.
Below are some examples of what risk appetite could look like in a Risk Policy, based on the use of a likelihood vs. impact scoring matrix:
The risk appetite can then be agreed for the risk categories defined in the register. Some examples are provided below:
Ultimately, the Board should determine and continuously assess its risk appetite and agree the descriptions, as the Board has overall responsibility for risk management.
In order to agree and define risk appetite, on review of the risk register (which must be undertaken by the Board at least annually) the whole Board could conduct an exercise whereby each risk category is provided a score from 1-10, based on the five risk appetite categories suggested above. The scores could be collated, and the average for each risk category suggested as its risk appetite. This then sets the level of risk the Board is willing to accept for each area.
One of the benefits to having a defined risk appetite is that it provides transparency over business decisions. So for example, the risk appetite provides reasoning as to why decisions that are viewed as particularly risky, or risk averse were made.
Furthermore, it helps identify risks where additional resources may be needed to mitigate the risk (where the risk is much higher than the ideal risk appetite), or less resources if the risk is operating far below its risk appetite.
Finally, having a defined risk appetite can also help inform your internal scrutiny plan. Areas that are more risk seeking may require more assurance in terms of effective and proportionate controls.
We encourage you to assess whether you may benefit from further understanding risk appetite. If you require support or guidance in this matter, please do not hesitate to contact our dedicated academies team using the form below.
We always recommend that you seek advice from a suitably qualified adviser before taking any action. The information in this article only serves as a guide and no responsibility for loss occasioned by any person acting or refraining from action as a result of this material can be accepted by the authors or the firm.
Join our community of industry leaders and receive exclusive reports, early event access, and expert advice to stay ahead – all delivered straight to your inbox.
Contact us today to find out more about how we can help you