IRM ERM M1U5.5 Risk Appetite & Tolerance Flashcards
IRM’s definition of risk universe
The IRM defines the risk universe as ‘the full range of risks which could impact, either positively or negatively, on the ability of the organisation to achieve its long-term objectives’.
There are some risks that are either ‘no-go’ areas or risks that generally don’t affect the organisation. For example, a health insurance provider will not look to take risks in relation to vehicle or home insurance, as it does not offer these products.
Risk capacity
Risk capacity is defined as ‘the level of risk that is unacceptable’.
An organisation will not have the capacity to take all risks within its universe. For example, a health insurance provider will only be able to accept policies at a certain level of cover because it might not have the financial strength to cover certain health conditions.
Risk capacity & risk appetite
Risk appetite should be within risk appetite
Risk tolerance
Risk tolerance describes the area where risks can be tolerated for a certain amount of time, while active risk management is undertaken to bring those risks to an acceptable level.
This is sometimes also referred to as the amount of ‘wriggle room’ an organisation has outside of its acceptable level of risk.
Risk tolerance vs tolerating a risk
The UK Government’s approach to risk appetite is part of the suite of documents related to the Orange Book (2020).
Their paper on Risk Appetite: Guidance Note (2021) notes that risk tolerance, or a tolerable risk position, should not be confused with tolerating a risk, by choice, as a risk response.
Risk appetite and tolerance
The optimal risk position is related to risk appetite, and the tolerable risk position is related to risk tolerance.