Executive Summary - The Institute of Risk Management

More documents

Recommendations

Info

About IRMThe Institute of Risk Management (IRM)is the world’s leading enterprise riskmanagement education Institute. We areindependent, well-respected advocates ofthe risk profession, owned by practising riskprofessionals. We provide qualifications,short courses and events at a range oflevels from introductory to board leveland support risk professionals by providingthe skills and tools needed to deal withthe demands of a constantly changing,sophisticated and challenging businessenvironment. We operate internationallywith members and students in over 90countries, drawn from a variety of riskrelateddisciplines and a wide range ofindustries in the private, third andpublic sectors.About the AuthorRichard Anderson, the principal authorof this booklet, is Deputy Chairman ofIRM. Richard is also Managing Directorof Crowe Horwath Global Risk Consultingin the UK. A Chartered Accountant, andformerly a partner at a big-4 practice,Richard has also run his own GRC practicefor seven of the last ten years. Richardhas been professionally involved with riskmanagement since the mid-ninetiesand has broad industry sector experience.He wrote a report for the OECD onCorporate Risk Management in the bankingsector in the UK, the USA and France.He is a regular speaker at conferencesand contributes to many journals on riskmanagement and governance issues.“It is interesting, but not surprising,that whilst a significant proportionof financial organisations who haveformally articulated a risk appetitestatement have been compelled to doso by regulatory requirements, nonfinancialorganisations have developedrisk appetites in order to assist in theachievement of strategic goals.”Source: Jill Douglas,Head of Risk,Charterhouse Risk Management6
Risk appetite –principles and approachIt is often said that no companycan make a profit without takinga risk. The same is true for allorganisations: no organisation,whether in the private, publicor third sector can achieve itsobjectives without taking risk.The only question is how muchrisk do they need to take?And yet taking risks withoutconsciously managing thoserisks can lead to the downfall oforganisations. This is the challengethat has been highlighted by thelatest UK Corporate GovernanceCode issued by the FinancialReporting Council in 2010.The following key principles haveunderpinned our work on risk appetite:1 Risk appetite can be complex. Excessivesimplicity, while superficially attractive,leads to dangerous waters: far betterto acknowledge the complexity anddeal with it, rather than ignoring it.2 Risk appetite needs to be measurable.Otherwise there is a risk that anystatements become empty andvacuous. We are not promoting anyindividual measurement approach butfundamentally it is important thatdirectors should understand how theirperformance drivers are impactedby risk. Shareholder value may be anappropriate starting point for someprivate organisations; stakeholdervalue or ‘Economic Value Added’ maybe appropriate for others. We alsoanticipate more use of key risk andcontrol metrics which should be readilyavailable inside or from outside theorganisation. Relevant and accuratedata is vital for this process and weurge directors to ensure that there isthe same level of data governance overthese metrics as there would be overroutine accounting data.7
Page 1 and 2: AppetiteRisk & ToleranceExecutive S
Page 3 and 4: ForewordRisk appetite today is a co
Page 5 and 6: All successful organisations need t
Page 7: We do not regard this guidanceas th
Page 11 and 12: Risk and controlWe think that this
Page 13 and 14: We believe that the appetite will b
Page 15 and 16: Flexibility - all of this needs to
Page 17 and 18: Questions forthe boardroomBelow we
Page 19 and 20: Governing a risk appetite20 Is the

Executive Summary - The Institute of Risk Management

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?