Apac
  • Home
  • CXO Insights
  • CIO Views
  • News
  • Conferences
  • Newsletter
  • Whitepapers
  • About us
Apac
  • Admired Tech

    Agile

    AI Healthcare

    Artificial Intelligence

    Augmented Reality

    Aviation

    Big Data

    Blockchain

    Cloud

    Cryptocurrency

    Cyber Security

    Digital Transformation

    Drone

    HPC

    Infrared

    Internet of Things

    Networking

    PropTech

    Remote Work

    Scheduling Software

    Simulation

    Startup

    Storage

    Wireless

  • Banking

    E-Commerce

    Education

    FinTech

    Food and Beverages

    Healthcare

    Insurance

    Legal

    Manufacturing

    Pharma and Life Science

    Retail

    Travel and Hospitality

  • CISCO

    Microsoft

    Oracle

    Salesforce

    SAP

    ServiceNow

  • Business Intelligence

    CEM

    Cloud-based Planning

    Cognitive

    Compliance

    Contact Center

    Contact Tracing

    Contactless Payments

    Content Management System

    Corporate Finance

    CRM

    Custom Software Development

    Data Center

    Enterprise Architecture

    Enterprise Communications

    Enterprise Contract Management

    ERP

    Field Service

    HR Technology

    IT Service Management

    Managed Services

    Procurement

    Product Management

    RegTech

    Revenue Management

Menu
    • Risk Management
    • Cognitive
    • Digital Transformation
    • E-Commerce
    • Blockchain
    • RegTech
    • IT Service Management
    • Augmented Reality
    • Microsoft
    • Contact Center
    • Collaboration
    • Healthcare
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Risk Management
    Editor's Pick (1 - 4 of 8)
    left
    Risk Assessment Keeping Cyber Bully Away

    Paul Ernst, CIO, Sandler Capital Management

    Digitization Transforming Business in all Sectors

    Robert Aitken, CIO, Beyond Bank Australia

    Trend Micro: Nurturing Risk Management with Hybrid Cloud

    CEO & Co-founder

    Ensuring your Seat on the Leadership Table

    David Otte, CAO and CIO, Bingham Greenebaum Doll LLP

    Cyber Fraud - the Silent Killer

    Bill Murphy, SVP, CIO & CRO, Fidelity Bank of Florida N.A.

    All Roads Lead to Risk Assessment

    Christopher R. Barber, EVP & CIO, Commonwealth Business Bank

    Fintech: Opportunities and Challenges in APAC

    Huankiat Seh, Co-founder and CTO, CoAssets Limited

    Big Data Analytics - Finding Diamonds in the Rough

    Fulvio Barbuio, Head Corporate Treasury and Risk, Australian Broadcasting Corporation

    right

    Demystifying Risk Appetite Statements

    By Rebecca Gurney, Principal Advisor, Risk, Continuity & Security, Stanwell Corporation

    Tweet
    content-image

    Rebecca Gurney, Principal Advisor, Risk, Continuity & Security, Stanwell Corporation

    In today’s fast-paced, continually changing risk environment, a challenge for organizations is to understand and measure individual perceptions of risk, to develop and mature risk culture, and hopefully, as a result, improve overall performance of the organization to achieve desired objectives. What influences the perception of risk and how can you establish cultural expectations in relation to risk taking behaviours? Furthermore, what can you do as an Executive and Leader to better understand measure and improve the risk culture within your organization? 

    An individual’s perception of risk is informed through their personal knowledge and beliefs (what they have experienced before), and is often inherently connected to their understanding of a problem (what they know about the problem), and their individual attitudes towards evaluating a problem (how much they value the problem).

    "Cultural expectations can be established in relation to what is and isn’t acceptable risk taking behaviour through the development of a Risk Appetite Statement (RAS)"

    Most organizations have methods in place for evaluating the consequence (or impact) and probability (or likelihood) of identified risks occurring, generally utilising a risk matrix. The risk management process within the international risk management standard ISO31000 provides guidance on how risk should be identified and evaluated. Risk appetite is also referred to within the standard, specifically within the risk management principles, where ‘human and cultural factors should be taken into account’ however the application of these principles is generally not as widely understood.

    Cultural expectations can be established in relation to what is and isn’t acceptable risk taking behaviour through the development of a Risk Appetite Statement (RAS).

    Risk appetite statements focus on the way in which the Board and/or Executive expect their organizations people to behave when making risk based decisions and are generally articulated through a number of guiding principles which outline the expectations in relation to risk exposure which is acceptable across key areas of concern. For example, depending on your industry, risk appetite statements could be established for financial, health and safety, cyber security, trading, environment, fraud, strategy, and/or reputational risk.

    Risk appetite statements differ from risk matrices as they set expectations for behaviour, whereas risk matrices evaluate and measure the consequence and likelihood of threats (both positive and negative) to an organization with little or no regard to the human factors. To ensure the risk appetite statement adds value, it should be simple and align to the core values of your organization. For example, an organization may have no appetite for risk taking behaviour which could result in harm to people. Whilst the risk appetite statement clearly articulates ‘no appetite’ for risk taking behaviour, this doesn’t necessarily mean that there is low or no health and safety related risk exposure within the organization. The risk matrix is what is used to evaluate the impact of specific events to the organization, whereas the risk appetite statement aims to align individual perceptions and tendencies for risk taking behaviour to provide an enterprise-wide set of behavioural expectations in relation to accepted risk taking behaviour.

    The following strategies can be used to improve the risk culture within your organisation:

    1. Establish cultural expectations: As part of your organization’s risk governance framework, consider developing a risk appetite statement (RAS) as an appendix to support the risk management policy. While your risk policy provides the structural framework for risk management within your organization, the RAS outlines the cultural expectations of risk-taking behaviour which is and is not acceptable.

    2. Use risk framework and procedure documents as an education/training tool: For the elements of your organization’s risk management process, which you are actively working to improve, include training boxes to your risk process and framework documentation. Communicate not just ‘what’ the process is or ‘how’ the process is to be applied, but also explain the ‘why’ it’s important.

    3. Evaluate and measure your current risk culture: By using a simple survey with questions about the understanding of the current risk processes of the organization, you will be able to use this information to establish a baseline measure of the risk culture within your organization.

    Establishing a simple, effective and measurable set of behavioural expectations which add value to enterprise-wide risk frameworks is challenging. The very process of measuring risk culture is a subjective process–there is no right or wrong approach, and cultural bias should be considered. Ultimately, the success of risk culture programs and an organization’s risk-governance framework will be measured through a visible improvement in the overall performance of the organization.

    Operating from Brisbane, Queensland, Stanwell Corporation has been the largest power generator of the state. Founded in the year 1997, the company with the capacity of more than 4100 megawatts, presently supplies for more than 45 percent of state’s power needs.

    tag

    Financial

    Weekly Brief

    loading
    10 Most Promising Risk Management Solution Providers - 2017

    Featured Vendors

    Delta Insurance

    Ian Pollard, Co-Founder & MD

    Broadridge

    David Becker , MD, Asia Pacific

    ON THE DECK

    Other 2021

    Top Vendors

    Content Management System 2020

    Top Vendors

    Previous Next

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Transforming business performance by taking an outside-looking-in customer perspective

    Transforming business performance by taking an outside-looking-in customer perspective

    Graham Perry, Managing Director, BWH Hotel Group Australasia
    Winning the Customer Service Rush During the Holiday Returns Season

    Winning the Customer Service Rush During the Holiday Returns Season

    Mark Abramowitz, SVP Marketing, Service Cloud at Salesforce
    MOBILE APPS IN THE NEW DECADE

    MOBILE APPS IN THE NEW DECADE

    Bibaswan Banerjee, Director, CRM and User Analytics, Klook
    Covid-19 and Lessons from the largest Work from Home Experiment

    Covid-19 and Lessons from the largest Work from Home Experiment

    Vikas Verma, Director Human Resources, United Overseas Bank
    Reimagine the Future of Education in a post-COVID-19 World

    Reimagine the Future of Education in a post-COVID-19 World

    Samson Tan, Head, Centre for Innovation in Learning, National Institute of Education
    A creative approach to remote simulator installations

    A creative approach to remote simulator installations

    Sharon Cooke, CEO, Airways International Ltd
    Priority 2021: Achieving 100% Automation in Finance

    Priority 2021: Achieving 100% Automation in Finance

    Ekaterina Sejourne, CFO, Puma Energy Asia Pacific Pierre Costa, Global CIO, Puma Energy
    Tech Tonic: How technology is helping the travel sector recover from the impact of Covid-19

    Tech Tonic: How technology is helping the travel sector recover from the impact of Covid-19

    Patrice Simon, CTO Data and Analytics, CWT
    Loading...

    Copyright © 2021 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap |  Subscribe

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://risk-management.apacciooutlook.com/cxoinsights/demystifying-risk-appetite-statements-nwid-3918.html