Each
organization must determine its own risk appetite; there is no single universal
risk appetite. But how does an organization get to the point of having a risk
appetite statement that can be communicated through the
organization? And how does risk appetite stay relevant over time?
To
effectively adopt risk appetite, an organization must take three key steps:
1.
Management develops, with board review and concurrence, a view of
the organization’s overall risk appetite.
2.
This view of risk appetite is translated into a written or oral
form that can be shared across the organization.
3.
Management monitors the risk appetite over time, adjusting how it
is expressed as business and Operational conditions warrant.
These
three steps will be discussed in detail in later sections of this paper.
.......By Faith Gabriella.
