Governance Evaluator’s latest webinar on Risk Tolerance and Appetite by Aon Hewitt expert Jenny Dean presents an invigorating definition of risk appetite and tolerance today.
Our recent data revealed that our members marked the related question on this topic as either red or yellow in the evaluation questionnaire. With greater insights indicating that 90% of boards are progressively beginning to come to terms at understanding risk tolerance and appetite, let alone making a statement.
With tensions growing, and strong discussions taking place in boardrooms, Governance Evaluators webinar with Jenny Dean sheds light on the topic at hand through a very real, down to earth presentation. Jenny helps understand definitions, and key areas to address when setting up an organisations risk appetite and tolerance. The webinar covers key elements of risk appetite and tolerance, risk culture, and lastly risk maturity
5 key messages
1: Defining risk appetite, tolerance, and capacity
Risk appetite is the risk you need to take to achieve your strategic objectives, whereas risk tolerance is how comfortable you feel about this risk. The two combined together is where disagreements occur at the board table due to everyone’s different personal risk tolerances. This is a positive formula for diversity, debate and robust decision-making. We therefore feel more comfortable, due to the greater control of risk. These controls are often decided by our capacity. Therefore controls and resources directly affect how reassured we feel about risks.
The diagram below highlights how these key elements of risk are interconnected.
“It’s OK to have all your eggs in one basket as long as you control what happens to the basket.” Mark Twain.
2: What risk appetite statements should consider including?
Risk appetite and tolerance is not the same for different types of risk, the following slide recommends higher levels to consider.
Jenny advises the use of the quadrant model to elevate ‘people issues’ to make it more in line with strategy. For example, if you had a one page strategic plan with growth, customer service, employees, financial sustainability and operational efficiencies as the key pillars these directly relate to the four quadrants below that should be included in the risk appetite statement.
3: Setting the risk indicators which align with the risk appetite
The most difficult aspect is setting key risk indicators, which align with risk appetite and adequately monitor and measure the true risk profile of the organisation.
Important questions to consider:
– Do you have a combination of performance, lead and trend indicators and is the true cause of risk being monitored and controlled?
– Are remuneration and rewards aligned to risk appetite and KRIs?
– What is the impact on decision-making and are the right behaviours and desired culture supported by the measures used?
– Lastly, is it achievable based on ability to control on resources available?
Jenny highlights that some indicators actually cause the opposite behaviours. For example setting a KRI for no incidents may prevent staff in reporting incidents rather than addressing what caused them.
4: Importance of understanding risk culture
“The strategy organisations set dictates the kind of culture they need in the organisation”
– However, behaviour and how decisions are made, establish the real culture.
The slide below indicates that it doesn’t matter what you say or believe if you are unable to support the behaviours and decisions you make.
5: Risk maturity
The board’s involvement in risk makes the organisational risk practices stronger. Jenny presented some really interesting and compelling statistics about risk maturity. Organisations worldwide are developed early in relation to maturity for understanding risk.
In particular, as shown in the following slide, board director’s clarity for their roles and responsibilities for risk rates are very low for maturity worldwide.
This is why it is important for everyone involved in governance to get engaged and have robust discussion about their risk appetite and tolerance statements.