Document Type

Article

Publication Date

4-1-2018

Publication Source

Internal Auditor

Abstract

Understanding the difference between risk appetite and risk tolerance can deter organizations from digesting too much risk.

The concepts of risk appetite and risk tolerance were introduced in 2004 in the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Enterprise Risk Management–Integrated Framework. Specifically, COSO defines risk appetite as “the amount of risk — on a broad level — that an entity is willing to accept in pursuit of value.” Naturally, organizations will have different risk appetites depending on their industry, management philosophy, operating style, culture, and objectives. Therefore, a range of appetites potentially exists for distinct risks, which may change over time. It is conceivable that organizations with separate business segments with various operations or subsidiaries operating in differing industries will have varying levels of risk appetite. In pursuing diverse business objectives, organizations should broadly understand the risk they are willing to undertake.

Inclusive pages

36-41

ISBN/ISSN

0020-5745

Comments

The document available for download is the published version, provided in compliance with the publisher's copyright policy. Permission documentation is on file.

Publisher

Institute of Internal Auditors

Volume

75

Issue

2

