The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Image Alt

IERP® International Institute of Enterprise Risk Practitioners

  /  Thought Leadership   /  Understanding and Communicating Risk Appetite

Understanding and Communicating Risk Appetite

March 30, 20 participants from across industries gathered at the IERP® International Secretariat to hear from Anita Esa, head of Group Risk Management at CCM Duopharma Biotech Berhad. Speaking on understanding and communicating risk appetite, Ms. Anita emphasised that risk appetite differs from organization to organization. As such, her perspective is through the specific needs of CCM. A highlight of the session was Ms. Anita’s case study of CCM’s controlled demolition exercise. As the first controlled demolition in Malaysia, the lack of precedent coupled with the physical dangers presented a large range of risks. This case was used as an example for how risk appetite can be applied in tactical planning. During Q&A, participants expressed the challenges of developing a risk appetite and its relation to risk tolerance, risk exposure and risk capacity. Ms. Anita stressed that the risk appetite changes over time depending on the circumstances, available resources, skills, technologies or systems. Risk appetite must be approved by Board of Directors and communicated throughout the organization via communication channels in the organization and distributed during training and meetings. As part of Operational Risk Management, a well-articulated risk appetite statement can drive performance and improve decision-making throughout an organisation.

Other key takeaways:
• Risk appetite in an organization is set top-down. Strategic business objectives must first be established before risk appetite can be set to support those objectives.
• A risk appetite statement can be used in relation to three different considerations in an organization: 1) for strategy; 2) for tactical planning; 3) for operational constraints placed on the staff, for example for Limits on Authority as well as safety parameters.
• The steps in communicating risk appetite: 1) identify the stakeholders; 2) the purpose of the risk appetite; 3) decides the nature of the risk appetite information to be communicated.

User registration

Reset Password