• By: Adam Wire
  • March 4, 2022
Reading Time: 8 minutes
Risk Tolerance vs. Risk Appetite: The Difference Explained

It’s important for board directors to understand the difference between risk appetite and risk tolerance. Check out how they compare.

Every corporation, nonprofit, and organization faces a certain amount of risk every day to deliver on its mission and achieve its business goals. But, it’s important for board directors, staff, and administrators to understand the difference between an organization’s risk appetite vs. risk tolerance

While both risk appetite and risk tolerance set boundaries, risk appetite takes a big-picture view of the general level of risk deemed acceptable, whereas risk tolerance narrows the view to what’s considered acceptable variations of risk around specific objectives.

Think of the difference in terms of driving the exact speed limit on the highway. Very few drivers do, despite the fact that traffic experts deemed the speed limit as safe and meeting the standards of acceptable risk, or risk appetite. Knowing this, most police officers allow for a lower or higher range of speed before ticketing drivers, therefore demonstrating risk tolerance

What is Risk Appetite?

To determine your organization’s risk appetite, simply consider what risks you’re willing to take to achieve your objectives. Every organization faces a certain amount of risk in their day-to-day business activities, and understanding your organization’s risk capacity informs decisions to accept some of those risks, while taking actions to mitigate others.

Consider the following scenario: Your company launches a new product or service to meet consumer demands. However, supply-chain issues cause repeated delays in getting your product to the market, resulting in unforeseen shifts in consumer demand and fluctuations in the market. Do you release the new product once the supply issues resolve themselves, and hope for a positive turnaround in consumer interest and market demand? Or do you shift gears entirely and come up with a new strategy for the new product release?

To understand risk appetite, consider from a high-level view the general level of risk you’re willing to accept before taking any actions to lower that risk.

What is Risk Tolerance?

Risk tolerance, on the other hand, drills down a little further to identify the risks tied to an organization’s specific program or product, and how much variance it’s willing to tolerate from its risk appetite. Risk tolerance basically allows an organization to establish parameters or criteria around a range of acceptable risks to the organization.

In business, some companies play a more conservative, long game and focus on business objectives that can be easily achieved and pose little threat to themselves or the organization. This demonstrates a low-risk tolerance. Organizations with high-risk tolerance may choose a more aggressive approach, making decisions with more dangerous consequences, but higher returns.

In either case, it’s important to understand and constantly track your organization’s key risk indicators (KRIs), especially when dealing with regulatory changes, high staff turnover, and economic downturns. This can help you understand your risk tolerance and stay on top of critical risks to the organization’s security, operations, finances, and reputation. 

Search-Find-Discover-Icon-Blue.svg

Risk Appetite vs. Risk Tolerance: Understanding the Relationship

Risk appetite and risk tolerance are truly intertwined, as companies can’t really establish one without the other. Understanding strategic risk assessment means knowing what risks your organization faces and planning a strategy around what is and isn’t acceptable can mean the difference between success and failure.

Think of risk appetite the same way you might think of your appetite for food in general. You know what kinds of food you like, how much food your body can consume, and when to satisfy those hunger pains to avoid feeling jittery. You’ve identified what you can bear, the resources needed, and the strategy to achieve it. This is risk appetite.

Risk tolerance focuses more on a case-by-case basis of your general risk appetite, or the specific risks associated with a given initiative. Risk tolerance sets the level of risk you’re willing to accept with each individual risk, accepts the outcomes or consequences of that risk should it occur, and identifies the right resources and controls to mitigate the risk impact.

What Changed for Boards in 2021?

Everything. See the trends that shaped boards and their meetings in 2021.
OnBoard_Icons_Compliance_2 Color

Risk Tolerance and Risk Appetite Statement Examples

A company, organization, or its board can choose to create a risk appetite statement to provide direction at an enterprise level as well as for individual business processes. The risk appetite statement, which is tied directly to an organization’s risk tolerance, is typically crafted by the organization’s business leaders in consultation with staff and subject matter experts.

To correctly set up the risk appetite framework, boards might use a pros vs. cons or a costs vs. benefits approach to analyze the risks involved. To take the guesswork out of the equation, many companies, banks, and nonprofits turn to OnBoard Board Management Software for a secure and strategic solution to reducing and managing risks.

In general, risk appetite statement examples might assess the risk of releasing personal identifiable information (PII) about customers or employees. Your risk appetite statement might classify this type of issue in the low-risk appetite column (no tolerance). If the risk involves a financial loss or cybersecurity issue with no PII, you might classify this risk in the moderate-risk appetite column (sometimes tolerated).

OnBoard_Icons_Consistent_2 Color

The Bottom Line on Risk Appetite vs. Risk Tolerance

To summarize, every organization — whether for-profit, nonprofit, financial, higher-education, or trade-specific — faces risk to achieve its goals.

Identifying your risk appetite helps you understand what risks you’re willing to take to achieve your objectives. Risk tolerance establishes the parameters or criteria around a range of acceptable risks.

OnBoard Board Management Software can help you understand your risk appetite and risk tolerance as part of a strategic risk assessment, and know how to respond appropriately in any situation to ensure security and compliance. With an all-in-one board portal solution, you control the data and manage your organization’s risks with ease.

Ready to tackle the risks facing your organization? Contact OnBoard today to start a free trial.

OnBoard_Icons_Globe_2 Color

Assess your risks effectively with OnBoard

Risks are dynamic by nature, but so are businesses and organizations. In general, all organizations must be willing to take on some level of risk to succeed. Developing a risk assessment matrix provides a valuable tool for assessing a broad range of risks, and charting a path forward that effectively abolishes or minimizes the effects of those risks. It helps boards of directors and executive leadership teams establish clear priorities, better allocate risk management resources, and avoid unnecessary losses.

OnBoard’s comprehensive board management solution provides a secure, easy-to-use platform to help boards manage all of their GRC needs. Our technology helps organizations uncover insights and simplify board management processes so they can anticipate challenges before they arise.

Our experts are on-hand and ready to answer questions or help you start your free trial today.

Ready to upgrade your board’s effectiveness with OnBoard the board intelligence platform? Schedule a demo or request a free trial