IRM ERM M1U5.7 - Risk appetite criteria Flashcards
‘three-leg’ or ‘four-leg’ risk appetite limit system
Some organisations prefer a ‘three-leg’ limit system,
which includes the upper limit, one trigger, and a lower limit, often referred to asthe risk target.
Leading market practice leans towards a ‘four-leg’ system, with an upper and lower limit, with related triggers.
A key observation to make here is that the upper and lower limits also function as triggers, requiring escalation and corrective action.
the UK Government (2021) ‘five-leg’ system
Opposed / averse (upper limit) – avoidance of risk
Minimalist – preference for safe options with a low degree of inherent risk
Cautious – preference for safe options with a low degree of residual risk
Mindful / open – willing to consider all options and choose one that is most likely to result in successful delivery
Enterprise / eager (lower limit) – eager to be innovative and to choose options based on maximising opportunities / accept greater uncertainty
Risk appetite triggers
Risk appetite triggers - the ‘level at which escalation occurs to a higher-level forum, committee or level of authority because the risk profile is sufficiently close to the risk appetite limit that corrective action should be considered’.
The upper and lower risk appetite limits are also considered risk appetite triggers.
Triggered Action Response Plans (TARP),
In the mining sector, these health and safety triggers are termed Triggered Action Response Plans (TARP), which is very similar concept to the triggers includedin the Deloitte risk appetite paper. The TARP approach is usually a ‘three-leg’ system, with the following trigger levels
Green - the risk can be managed by the ‘workplace’ team (the lower limit)
Yellow – the affected area is stopped, and the ‘Yellow’ team brought in to support the remedial process and sign off for work to continue
Red – the affected area is stopped, and the ‘Red’ team brought in, along with other relevant managers, who develop remedial responses and approvecontinued work
zero’ risk appetite & ALARP
Acommon statement regarding the appetite for taking risks is that organisations have ‘zero’ risk appetite or ‘zero’ risktolerance. If this were truly the case, then most organisations would not be able to operate as it is impossible to eliminate every risk that includes a health andsafety impact.
A more useful approach is to provide risk appetite triggers that reflect the capability of an organisation to manage its risks to as low as reasonably practicable –the ALARP principle.
HILPs
Those risks that have a high impact and low probability, also known as HILPs.