A healthy appetite
Every one of us has our own personal appetite for risk. Some people think nothing of taking huge risks, both in their business and personal lives, whilst others are far more reserved, to the point of being almost totally risk averse. Most of us fall somewhere in between.
Similarly, all organisations have a “corporate” risk appetite, which dictates the types and levels of risk that the organisation, or at least the senior management team that directs it, are willing to take or to accept.
The problem is that it can be very difficult to pin them down and get them to define the corporate risk appetite, partly because it’s actually quite difficult to put into words. So few organisations bother to do so, and fewer still actually document and publish a formal statement of risk appetite to their managers and staff, which can make life a bit difficult for them in terms of their risk management efforts.
But if our risk management programmes are to be effective, we really need those at the helm to give us some clue as to the levels of risk that they’re willing to accept and those that they aren’t.
For instance, a high level of strategic or equipment risk may be acceptable, whereas the opposite may well be true of health and safety or reputational risk. So one approach may be to simply ask for clarification of the acceptable levels of risk in each of the various categories (financial, operational, customer service, reputation, safety, compliance or whatever).
Another approach might be to ask, after your risk assessments have identified and quantified what you consider to be the most significant risks, for confirmation (ideally in writing as this always helps to focus the mind!) of those that they’re willing to accept and those that they feel must be addressed in some way.
Whatever approach is taken, getting a steer from those at the top can be hugely beneficial. It helps get their buy-in, ensures a consistent approach, makes the risk assessment process more productive and can potentially save a significant amount of wasted time and effort by preventing managers and staff from barking up the proverbial wrong tree.