2.3 The role of risk appetite in developing risk decision accountability

Risk appetite can be defined as ‘the amount and type of risk that an organization is willing to take in order to meet their strategic objectives’. Organizations will have different risk appetites depending on their sector, culture and objectives. A range of appetites exist for different risks and these may change over time. Risk appetite and tolerance need to be high on any board's agenda and are a core consideration of an enterprise risk management approach. IRM’s guidance provides practical direction, advice and information to support boardroom debate. While risk appetite will always mean different things to different people, a properly communicated, appropriate risk appetite statement can actively help organizations achieve goals and support sustainability. “The risk appetite statement is generally considered the hardest part of any enterprise risk management implementation. However, without clearly defined, measurable tolerances the whole risk cycle and any risk framework is arguably at a halt” (Jill Douglas, 2011).

For instance, many financial risks can be absorbed or transferred through the use of a hedge, such as options, forwards and other derivatives, while legal risks might be mitigated through unique contract language. If managers believe that the firm is suited to absorb potential losses in the event the negative outcome occurs, they will have a larger appetite for risk given their capabilities to manage it (Boundless, 2016).
2.4 The contribution made by ISO 31000:2009

In November 2009, AS/NZS ISO 31000:2009 replaced the previous Australian and New Zealand risk management standard AS/NZS 4360:2004. It provides principles and general guidelines for developing risk management frameworks and programs. The flow chart below shows the steps of the approach:

Figure 1. AS/NZS ISO 31000:2009 Approach (Source: )

According to the flow chart above, the advantages of the ISO 31000 approach to risk governance are clear to see. This approach is not a stand-alone method that assists decision makers in analysing and solving risks during the process of risk governance. It is a comprehensive framework for decision making in risk management. Using this approach could help an organization increase the likelihood of achieving its objectives and improve its ability to recognise opportunities and challenges, which means it would reduce risks while improving the effectiveness of decision-making.

The international standard ISO 31000 (risk management: risk assessment and governance) clearly shows the five basic questions that need to be addressed in the risk assessment process: