Risk appetite is a critical link between strategy and performance. In an effort to help executives and managers better understand and communication risk appetite, the Committee of Sponsoring Organizations (COSO) issued new guidance, on how organizations can promote risk appetite as an integral part of decision-making.
The guidance, titled “Risk Appetite–Critical to Success,” focuses on linking risk appetite with strategies and objectives and applying appetite as part of managing an organization for success, given the amount of risk the organization is willing and needs to take.
“Risk appetite is a fundamental part of setting strategy and objectives, providing context as the organization pursues a given level of performance,” said Paul Sobel, COSO Chairman. “What is important is to recognize that the choice of strategies and objectives requires an understanding of the appetite for risk. While most often an organization can adjust to take on more risk, there may be times where it needs to adjust the appetite, or perhaps even strategy, to accommodate a shifting business environment such as the one we are currently experiencing.”
As noted in the paper, risk appetite must be flexible enough to adapt to changing conditions, helping an organization to remain relevant in the evolving landscape. Those who anticipate and understand their risk when change happens are better able to embrace the change and be more agile in challenging conditions.
“Organizations take risk to succeed. But risk can’t go unchecked. Setting and understanding risk appetite is an important element of corporate governance, strategic planning, and decision-making,” said Martens. “Determining appetite through a performance lens requires deep discussions that affect management and boards and, to be effective, permeate an organization’s culture. In this way, appetite reflects the mission and vision and integrates with strategy and objectives with the end goal of adding value.”
Added Rittenberg: “We believe that risk appetite is a critical link between forming strategy and realizing performance. Our goal, consequently, is to help boards, executives, and managers improve their strategy setting and performance by showing them how they can more effectively apply risk appetite.”
COSO’s Enterprise Risk Management—Integrating with Strategy and Performance is an update to the Enterprise Risk Management —Integrated Framework and addresses the evolution of enterprise risk
management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment.