It’s important for board directors to understand the difference between risk appetite and risk tolerance. Check out how they compare.
Every corporation, company, nonprofit, and organization faces a certain level of risk when conducting its day-to-day operations. In order to properly manage these risks and attain business goals, an organization needs to create a sound risk assessment matrix and ensure that its board members, staff, and administrators understand the difference between risk tolerance vs. risk appetite.
That said, while both risk tolerance and risk appetite set boundaries, there’s a difference between them. Risk appetite takes a big-picture view of the general level of risk deemed acceptable, whereas risk tolerance narrows the view to what’s considered acceptable variations of risk around specific objectives.
An example of a risk appetite statement is a company saying that it doesn’t accept risks that could lead to it losing a significant portion of its revenue base. When the same company says it doesn’t wish to accept risks that could result in revenue from its top five customers dropping by more than 15%, it’s expressing risk tolerance.
This post will take a deeper look at the difference between risk tolerance vs. risk appetite and how a board portal can streamline risk assessment.
What is Risk Tolerance?
Risk tolerance is all about how much risk an organization is comfortable taking while still meeting its objectives. This means figuring out how much risk the organization is willing to accept related to its products or programs. As such, risk tolerance allows organizations to establish parameters around acceptable risks.
The factors that influence risk tolerance include:
- Timeline: Generally, more risks can be taken if there’s more time. For instance, an individual or organization looking to make a certain amount of money at the end of 10 years can take more risks than an individual/organization looking to make the same amount of money within five years.
- Goals: Each individual or organization will take on a different risk tolerance based on its goals.
- Portfolio size: The larger the portfolio, the more tolerant an organization will be to risk.
- Comfort level: Different organizations handle risks differently. Some organizations are naturally more comfortable with taking risks than others.
Types of Risk Tolerance
The 3 different levels of risk tolerance include:
- Aggressive Risk Tolerance: Organizations with aggressive risk tolerance are often used to seeing an upward and downward movement in their portfolio. Their primary goal is accumulating the highest returns possible, despite the risk involved. Organizations with aggressive risk tolerance may face huge losses when things don’t go their way.
- Moderate Risk Tolerance: Organizations with moderate risk tolerance are less risk-tolerant than those with aggressive risk tolerance. They take on some risks and usually set a percentage of losses they are willing to handle. With the moderate approach, they earn less compared to aggressive investors when the risk pays off, but they also face fewer losses if the risk doesn’t pay off.
- Conservative Risk Tolerance: Organizations with conservative risk tolerance focus on easily achievable objectives that pose little threat to them.
Regardless of your organization’s risk tolerance, it’s important to track key risk indicators (KRIs), especially when dealing with economic downturns, regulatory changes, and high staff turnover. This can help you understand your risk tolerance and stay on top of the vital risks to your organization’s security, finances, and reputation.
What is Risk Appetite?
Risk appetite indicates the amount of risks an organization is willing to accept to attain its business objectives. In other words, it describes the level of risk-taking that the board of directors or management considers acceptable in an organization’s day-to-day activities.
Every organization faces a certain level of risk in their daily operations, and understanding your organization’s risk appetite informs decisions to accept some of those risks while taking measures to mitigate others.
Risk Appetite Framework
A risk appetite framework is a management structure that helps organizations define and manage their overall risk appetite. It’s essential to create a framework that is transparent, integrated, measurable, and actionable to achieve business success.
A risk appetite framework typically includes a risk appetite statement, risk criteria, risk limits, and risk management procedures. As part of their corporate governance role, the board of directors typically develops the overall risk appetite framework for an organization.
Risk Appetite Statement
A company, organization, or its board can choose to create a risk appetite statement to provide direction at an enterprise level as well as for individual business processes. The risk appetite statement, which is tied directly to an organization’s risk tolerance, is typically crafted by the organization’s business leaders in consultation with staff and subject matter experts.
A risk appetite statement is a broad description of the types and amounts of risks an organization is willing to accept to achieve its objectives. It allows the organization to inform its internal and external stakeholders of its risk appetite. A risk appetite statement describes an organization’s attitude toward risk in quantitative or qualitative metrics (or both).
Generally, risk appetite statement examples might assess the risk of disclosing the personal identifiable information (PII) of your employees or customers. It might classify this type of issue in the low-risk column. However, suppose the risk involves a financial loss or a cybersecurity issue with no PII. You might classify the risk in the moderate risk appetite column.
A well-crafted risk appetite statement can help your organization better manage risks and understand its risk exposure, as well as enable executives to make informed decisions based on a complete risk profile.
Assessing Risk with a Board Portal
Generally, all organizations must be willing to take up some level of risk to succeed. A risk assessment matrix is a valuable tool for assessing a wide range of risks and charting a path for effectively minimizing or even eliminating the effects of those risks. It helps executive leadership teams and boards to establish clear priorities, better allocate risk management resources, and avoid unnecessary losses.
OnBoard’s board management software can help you understand your risk appetite and risk tolerance as part of a strategic risk assessment, and know how to respond appropriately in any situation to ensure security and compliance.
Its secure system of record for board meeting content, communication, and data limits exposure to risk and reduces the number of vulnerable endpoints. It enables moderators to deploy customizable multi-level and granular control for sensitive data, including the ability to purge notes and annotations. In addition, it is SOC 2 and ISO 27001 certified, helping ensure regulatory compliance. With an all-in-one board portal solution, you control the data and manage your organization’s risks with ease.
Ready to improve your board’s effectiveness? Check out our Board Management Software Buyer’s Guide to learn how board management software can help you with critical tasks, including risk assessment and risk management.
Frequently Asked Questions (FAQ)
1. How Do You Measure Risk Tolerance?
The standard approach to determining risk tolerance is to ask yourself a series of questions. This might include assessing your time horizon, available assets, need for income, comfort level, and willingness to take risks. The scores from these different questions are then merged together into a single risk tolerance score.
2. What Can Affect Risk Tolerance?
An organization's risk tolerance is affected by five factors: timeline, goals, comfort level, portfolio size, and age.
About The Author
- Adam Wire is a Content Marketing Manager at OnBoard who joined the company in 2021. A Ball State University graduate, Adam worked in various content marketing roles at Angi, USA Football, and Adult & Child Health following a 12-year career in newspapers. His favorite part of the job is problem-solving and helping teammates achieve their goals. He lives in Indianapolis with his wife and two dogs. He’s an avid sports fan and foodie who also enjoys lawn and yard work and running.
- Board Management SoftwareNovember 16, 202310 Action Items to Reduce Remote Work Security Risks
- Board Management SoftwareNovember 13, 2023Vision Statement vs. Mission Statement: What’s the Difference? (Explained)
- Board Management SoftwareOctober 27, 2023How to Prepare an LLC Annual Report (Step-by-Step)
- Board Management SoftwareOctober 25, 2023What is a 501c3 Determination Letter? (Overview, Definition, and Examples)