Understanding the difference between risk appetite and risk tolerance can deter organizations from digesting too much risk.
The concepts of risk appetite and risk tolerance were introduced in 2004 in The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Enterprise Risk Management–Integrated Framework. Specifically, COSO defines risk appetite as “the amount of risk — on a broad level — that an entity is willing to accept in pursuit of value.” Naturally, organizations will have different risk appetites depending on their industry, management philosophy, operating style, culture, and objectives. Therefore, a range of appetites potentially exist for distinct risks, which may change over time. It is conceivable that organizations with separate business segments with various operations or subsidiaries operating in differing industries will have varying levels of risk appetite. In pursuing diverse business objectives, organizations should broadly understand the risk they are willing to undertake.
Copyright © 2018, Institute of Internal Auditors
Institute of Internal Auditors
Ramamoorti, Sridhar and Stover, Rick, "Risk Consumption" (2018). Accounting Faculty Publications. 96.
Accounting Commons, Business Administration, Management, and Operations Commons, Business Law, Public Responsibility, and Ethics Commons, Corporate Finance Commons, Nonprofit Administration and Management Commons