Understanding strategic risk appetite
Risk appetite is notoriously difficult to articulate, even for the most accomplished organizations, yet it is one of the most crucial elements of strategy design. It has long been an element of enterprise risk management (ERM), but its role in strategy design is just as critical.
Risk appetite is commonly defined as the amount and type of risk that an organization is willing to take to meet its objectives based on risk-reward trade-offs. Risk appetite is strategic – driven by strategic objectives and informed by enterprise risk identification and analysis efforts. A defined risk appetite is a crucial component of the ERM process because it helps to prioritize which risks are truly strategic versus all the others (which are important but not strategy-impacting).
However, it is even more crucial to strategy design because it defines the boundaries of the actions anticipated to achieve the highest imperatives that drive the purpose, growth, and evolution of the organization. The challenge is that risk appetite most often emanates from the structure and perspective of operational risk instead of strategic priorities - the very thing it is meant to drive and protect.
The ESRA Framework
The Essential Strategy Risk Appetite (ESRA) Framework is an approach to designing risk appetite by focusing on key questions that create strategic intent while utilizing enterprise risk intelligence to inform the context and measurement of the answers. The ESRA Framework is grounded in the Essential Strategy philosophy that strategy is best designed to address the purpose, growth and evolution of the organization, regardless of industry, size or complexity. Using this model, we create defined risk appetite statements as they relate to the entity’s top level strategic goals while balancing purpose, growth and evolution imperatives.
Within the Framework, we ask four questions that create the context for defining risk appetite:
How much do we invest before the cost is too great?
How fast can we get there without sacrificing value?
To what extent are we willing to change?
What threats have the potential to disrupt the Mission Critical Path?
Each of these questions is framed by key risk categories as well as key metric categories to make the discussion holistic, meaningful and measurable.
These four questions form the basis of defining risk appetite in a way that supports a balanced strategy approach and gives deeper meaning to enterprise risk models. Each question includes specific guidance on context and measures to support a clear definition of risk appetite, which can be cascaded into key performance and risk indicators that support the escalation of critical strategy-impacting risk across the organization. When risk appetite is clearly defined, it creates the mechanism for more refined risk prioritization than what risk tolerance alone can accomplish.
While the ESRA Framework was designed to work seamlessly with the Essential Strategy approach, it can be applied with any planning approach by simply applying the four questions to key strategic objectives.