It’s important for board directors to understand the difference between risk appetite and risk tolerance. Check out how they compare.
Every corporation, nonprofit, and organization faces a certain amount of risk every day to deliver on its mission and achieve its business goals. But, it’s important for board directors, staff, and administrators to understand the difference between an organization’s risk appetite vs. risk tolerance.
While both risk appetite and risk tolerance set boundaries, risk appetite takes a big-picture view of the general level of risk deemed acceptable, whereas risk tolerance narrows the view to what’s considered acceptable variations of risk around specific objectives.
Think of the difference in terms of driving the exact speed limit on the highway. Very few drivers do, despite the fact that traffic experts deemed the speed limit as safe and meeting the standards of acceptable risk, or risk appetite. Knowing this, most police officers allow for a lower or higher range of speed before ticketing drivers, therefore demonstrating risk tolerance.
What is Risk Appetite?
To determine your organization’s risk appetite, simply consider what risks you’re willing to take to achieve your objectives. Every organization faces a certain amount of risk in their day-to-day business activities, and understanding your organization’s risk capacity informs decisions to accept some of those risks, while taking actions to mitigate others.
Consider the following scenario: Your company launches a new product or service to meet consumer demands. However, supply-chain issues cause repeated delays in getting your product to the market, resulting in unforeseen shifts in consumer demand and fluctuations in the market. Do you release the new product once the supply issues resolve themselves, and hope for a positive turnaround in consumer interest and market demand? Or do you shift gears entirely and come up with a new strategy for the new product release?
To understand risk appetite, consider from a high-level view the general level of risk you’re willing to accept before taking any actions to lower that risk.
What is Risk Tolerance?
Risk tolerance, on the other hand, drills down a little further to identify the risks tied to an organization’s specific program or product, and how much variance it’s willing to tolerate from its risk appetite. Risk tolerance basically allows an organization to establish parameters or criteria around a range of acceptable risks to the organization.
In business, some companies play a more conservative, long game and focus on business objectives that can be easily achieved and pose little threat to themselves or the organization. This demonstrates a low-risk tolerance. Organizations with high-risk tolerance may choose a more aggressive approach, making decisions with more dangerous consequences, but higher returns.
In either case, it’s important to understand and constantly track your organization’s key risk indicators (KRIs), especially when dealing with regulatory changes, high staff turnover, and economic downturns. This can help you understand your risk tolerance and stay on top of critical risks to the organization’s security, operations, finances, and reputation.
Risk Appetite vs. Risk Tolerance: Understanding the Relationship
Risk appetite and risk tolerance are truly intertwined, as companies can’t really establish one without the other. Understanding strategic risk assessment means knowing what risks your organization faces and planning a strategy around what is and isn’t acceptable can mean the difference between success and failure.
Think of risk appetite the same way you might think of your appetite for food in general. You know what kinds of food you like, how much food your body can consume, and when to satisfy those hunger pains to avoid feeling jittery. You’ve identified what you can bear, the resources needed, and the strategy to achieve it. This is risk appetite.
Risk tolerance focuses more on a case-by-case basis of your general risk appetite, or the specific risks associated with a given initiative. Risk tolerance sets the level of risk you’re willing to accept with each individual risk, accepts the outcomes or consequences of that risk should it occur, and identifies the right resources and controls to mitigate the risk impact.
What Changed for Boards in 2021?
Risk Tolerance and Risk Appetite Statement Examples
A company, organization, or its board can choose to create a risk appetite statement to provide direction at an enterprise level as well as for individual business processes. The risk appetite statement, which is tied directly to an organization’s risk tolerance, is typically crafted by the organization’s business leaders in consultation with staff and subject matter experts.
To correctly set up the risk appetite framework, boards might use a pros vs. cons or a costs vs. benefits approach to analyze the risks involved. To take the guesswork out of the equation, many companies, banks, and nonprofits turn to OnBoard Board Management Software for a secure and strategic solution to reducing and managing risks.
In general, risk appetite statement examples might assess the risk of releasing personal identifiable information (PII) about customers or employees. Your risk appetite statement might classify this type of issue in the low-risk appetite column (no tolerance). If the risk involves a financial loss or cybersecurity issue with no PII, you might classify this risk in the moderate-risk appetite column (sometimes tolerated).
The Bottom Line on Risk Appetite vs. Risk Tolerance
To summarize, every organization — whether for-profit, nonprofit, financial, higher-education, or trade-specific — faces risk to achieve its goals.
Identifying your risk appetite helps you understand what risks you’re willing to take to achieve your objectives. Risk tolerance establishes the parameters or criteria around a range of acceptable risks.
OnBoard Board Management Software can help you understand your risk appetite and risk tolerance as part of a strategic risk assessment, and know how to respond appropriately in any situation to ensure security and compliance. With an all-in-one board portal solution, you control the data and manage your organization’s risks with ease.
Assess your risks effectively with OnBoard
Risks are dynamic by nature, but so are businesses and organizations. In general, all organizations must be willing to take on some level of risk to succeed. Developing a risk assessment matrix provides a valuable tool for assessing a broad range of risks, and charting a path forward that effectively abolishes or minimizes the effects of those risks. It helps boards of directors and executive leadership teams establish clear priorities, better allocate risk management resources, and avoid unnecessary losses.
OnBoard’s comprehensive board management solution provides a secure, easy-to-use platform to help boards manage all of their GRC needs. Our technology helps organizations uncover insights and simplify board management processes so they can anticipate challenges before they arise.
About The Author
- Adam Wire is a Content Marketing Manager at OnBoard who joined the company in 2021. A Ball State University graduate, Adam worked in various content marketing roles at Angi, USA Football, and Adult & Child Health following a 12-year career in newspapers. His favorite part of the job is problem-solving and helping teammates achieve their goals. He lives in Indianapolis with his wife and two dogs. He’s an avid sports fan and foodie who also enjoys lawn and yard work and running.
- Board Management Software2023.02.02Board Effectiveness Means Embracing Technology
- Board Management Software2023.01.31Q&A: How Much Does a Board Member Get Paid?
- Board Management Software2023.01.30What is a Change Advisory Board? (Overview, Roles, and Responsibilities)
- Board Management Software2023.01.24What Is Corporate Culture? (And How to Build It)