Risk Appetite Explained
In the face of the many recent failures of financial institutions, following market and asset crises and in the context of mounting regulatory demands from Basel 3, Solvency 2 and Dodd Frank, risk management is a topic high on the executive agenda. In particular, much emphasis has been placed on risk appetite and the role it has to play in an enterprise risk management approach, as part of an overall strategy execution process.
But what is risk appetite?
First and foremost, risk appetite is a necessary dimension of an organisation’s policy that sets the boundaries within which its executive team and others within the business execute strategy and take risk. It is set at board level and it is not something that can or should be delegated, either to the executive team or to the risk team.
What the Standards Say
The Committee of Sponsoring Organisations of the Treadway Commission’s (COSO) Enterprise Risk Management – an Integrated Framework, 2004, defines risk appetite as the amount of risk, on a broad level, an entity is willing to accept in pursuit of value. COSO makes two key points related to appetite. Firstly, it states that [risk appetite] reflects the entity’s risk management philosophy, and in turn influences the entity’s culture and operating style. Secondly, COSO establishes the link between appetite and strategy, stating explicitly: risk appetite is directly related to an entity’s strategy.
The Risk Management Code of Practice from the British Standards Institution, BS31100:2008, defines risk appetite as the amount and type of risk that an organisation is prepared to seek, accept or tolerate. This standard also relates appetite to strategy and governance, stating: considering and setting a risk appetite enables an organisation to increase its rewards by optimising risk taking and accepting calculated risks within an appropriate level of authority.
What Manigent Says
Manigent, a Strategy Execution and Risk Management Consultancy Firm, provides a slightly broader definition of risk appetite as: the amount and type of risk that an organisation is willing to accept, and must take, to achieve their strategic objectives and therefore create value for shareholders and other stakeholders. By adding ‘and must take’, Manigent’s definition expresses that taking risk is an inherent part of strategy execution and value creation. Risk is not just about avoiding potential losses, but also about exploiting opportunities.
Why is Risk Appetite Important?
History has demonstrated many times that companies taking a ‘performance-only’ approach to strategy execution are prone to losses and failures once adverse circumstances emerge. The cascade of failures of banks trapped in excessive credit derivatives exposures in 2008, the hard landing of the US economy after a widely identified, yet widely disregarded, asset bubble, the gigantic losses of the insurance sector in the aftermath of the technological bubble burst, the current struggle of continental banks stuck with excessive exposure to European sovereign debt, billions of rogue trading losses at Société Générale and UBS, the failure of MF Global after a strategy push for proprietary trading: examples pleading for a risk-based approach to strategy execution are countless.
This implies, at Board level, a decision on the amount of risk the organisation is capable of taking and is willing to take, which translates into a Risk Appetite Statement.
The Necessary Features
A risk appetite statement needs to be defined at the top, in line with the strategy and the value drivers of the business. It must be transparent, unambiguous, and cascaded down through all decision levels of the organisation.
Rather than “are we on track to hit our targets?”, board members and executives must ask a different question: “is the organisation operating within appetite?”. This question puts the alignment of risk-taking to strategy at the heart of the strategic conversation and incorporates both the performance and risk dimensions of strategy execution.
As a board level tool, Manigent believe that the definition of risk appetite must be closely coupled with the definition of strategy. Therefore, one of the first steps in the risk appetite definition process is to define a clear set of business drivers related to the organisation’s business model and strategy. Once the board and executive have determined the business drivers, those few key determinants of success, these should then be used to define the organisational risk appetite.
Board involvement in setting and monitoring adherence to firms’ risk appetite and the presence of actionable elements that articulate firms’ intended responses in cases of breaches in limits are two key features highlighted by the Senior Supervisors Group in their report on the risk management lessons from the 2008 crisis.
A Risk Appetite Statement is a set of limits within which a company is allowed to operate. Any breach of those limits during the execution of the strategy must be reported to the Board, which will either allow an exception or revise its risk appetite based on due justification, or take appropriate actions to reduce the risk exposure and realign the exposure of the business within its appetite. Manigent fully supports these good principles of corporate governance, widely recommended to the financial services industry, and helps its clients adhere to them.
With thanks to Risk Management Magazine for publishing this piece. To subscribe to their Risk newsletter visit: http://www.riskmagazine.com.au/subscribe/newsletter/