Risk Evaluation and Risk Appetite Flashcards
What is involved in risk evaluation?
Following risk analysis, the results should be compared against the firm’s risk appetite to determine what additional action is required.
The outcome of risk evaluation should be recorded, communicated and validated at appropriate levels of the organisation and be dynamically reviewed based on the level of risk faced.
What is the IRM definition of Risk Appetite?
The amount of risk that an organisation is willing to seek or accept in pursuit of long term objectives.
What is the ISO 73 Guide definition of risk appetite?
The amount and type of risk that an organisation is willing to pursue or retain.
What forms the long term view of the firm on risk?
The risk appetite, risk attitude and risk criteria.
In what context should risk appetite be considered?
STOC
What is a risk tolerance range?
A range of possible outcomes within the risk appetite.
What is the COSO ERM Definition of Risk Tolerance?
The acceptable level of variation relative to achievement of a specific objective, and often is best measured in the same units used to measure the objective.
What are stages in developing a risk appetite statement?
- Identify stakeholders and their expectations.
- Define company-wide risk exposure through STOC set in the risk register.
- Establish the desired level of risk exposure that provides a risk appetite statement.
- Define the range of acceptable volatility and/or uncertainty around each of the types of risk to develop a risk tolerance.
- Reconcile the risk appetite and tolerances with the current level of risk exposure and plan actions to bring exposure in line with appetite.
- Formalise the risk appetite statement and communicate it to stakeholders to implement.
What is EM3?
Embrace - Opportunity Risk - Strategy
Manage - Uncertainty Risk - Tactics
Mitigate - Hazard Risk - Operations
Minimise - Compliance Risk - Compliance