Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Google

    HP

    IBM

    Intel

    Microsoft

    Oracle

    Red Hat

    Salesforce

    SAP

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    • DevOps
    • Automotive
    • FinTech
    • Robotics
    • SAP
    • Amazon
    • Big Data
    • Education
    • HPC
    • Simulation
    • CISCO
    • Web Development
    • AI
    • EPM
    • ERP
    • Project Management
    • Salesforce
    • Sports
    • Travel and Hospitality
    • Unified Communication
    • IT Services
    More
    Education HPC Simulation CISCO Web Development AI EPM ERP Project Management Salesforce Sports Travel and Hospitality Unified Communication IT Services
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Risk Management
    Editor's Pick (1 - 4 of 8)
    left
    CIOs Need To Know Their Business, Not Just Tech

    John Sadowski, EVP & CIO, Sandy Spring Bank

    Your Next Law Firm Website Project

    Vic Peterson, CIO, Stinson Leonard Street LLP

    Essentials for a Compliant Environment

    Seevali Fernando, Group CIO, Hoya Corporation

    The Digital Agency

    Ralph Chivers, CIO, Ministry of Business Innovation and Employment, New Zealand

    E-commerce and the Data behind it

    Klemen Drole, CIO, Lazada Group

    Need and Importance of IT in the Shipping Industry

    Anjan Deb, GM-IT (CIO), The Great Eastern Shipping

    At the Crossroads of Sports and Technology

    Jerry Mcglynn, CIO, Specialized Bicycle Components

    Proliferative Innovation via Platform+Agile

    Dr. Steve Hodgkinson, CIO, Department of Health & Human Services in Melbourne, Australia

    right

    Demystifying Risk Appetite Statements

    By Rebecca Gurney, Principal Advisor, Risk, Continuity & Security, Stanwell Corporation

    Tweet
    content-image

    Rebecca Gurney, Principal Advisor, Risk, Continuity & Security, Stanwell Corporation

    In today’s fast-paced, continually changing risk environment, a challenge for organizations is to understand and measure individual perceptions of risk, to develop and mature risk culture, and hopefully, as a result, improve overall performance of the organization to achieve desired objectives. What influences the perception of risk and how can you establish cultural expectations in relation to risk taking behaviours? Furthermore, what can you do as an Executive and Leader to better understand measure and improve the risk culture within your organization? 

    An individual’s perception of risk is informed through their personal knowledge and beliefs (what they have experienced before), and is often inherently connected to their understanding of a problem (what they know about the problem), and their individual attitudes towards evaluating a problem (how much they value the problem).

    "Cultural expectations can be established in relation to what is and isn’t acceptable risk taking behaviour through the development of a Risk Appetite Statement (RAS)"

    Most organizations have methods in place for evaluating the consequence (or impact) and probability (or likelihood) of identified risks occurring, generally utilising a risk matrix. The risk management process within the international risk management standard ISO31000 provides guidance on how risk should be identified and evaluated. Risk appetite is also referred to within the standard, specifically within the risk management principles, where ‘human and cultural factors should be taken into account’ however the application of these principles is generally not as widely understood.

    Cultural expectations can be established in relation to what is and isn’t acceptable risk taking behaviour through the development of a Risk Appetite Statement (RAS).

    Risk appetite statements focus on the way in which the Board and/or Executive expect their organizations people to behave when making risk based decisions and are generally articulated through a number of guiding principles which outline the expectations in relation to risk exposure which is acceptable across key areas of concern. For example, depending on your industry, risk appetite statements could be established for financial, health and safety, cyber security, trading, environment, fraud, strategy, and/or reputational risk.

    Risk appetite statements differ from risk matrices as they set expectations for behaviour, whereas risk matrices evaluate and measure the consequence and likelihood of threats (both positive and negative) to an organization with little or no regard to the human factors. To ensure the risk appetite statement adds value, it should be simple and align to the core values of your organization. For example, an organization may have no appetite for risk taking behaviour which could result in harm to people. Whilst the risk appetite statement clearly articulates ‘no appetite’ for risk taking behaviour, this doesn’t necessarily mean that there is low or no health and safety related risk exposure within the organization. The risk matrix is what is used to evaluate the impact of specific events to the organization, whereas the risk appetite statement aims to align individual perceptions and tendencies for risk taking behaviour to provide an enterprise-wide set of behavioural expectations in relation to accepted risk taking behaviour.

    The following strategies can be used to improve the risk culture within your organisation:

    1. Establish cultural expectations: As part of your organization’s risk governance framework, consider developing a risk appetite statement (RAS) as an appendix to support the risk management policy. While your risk policy provides the structural framework for risk management within your organization, the RAS outlines the cultural expectations of risk-taking behaviour which is and is not acceptable.

    2. Use risk framework and procedure documents as an education/training tool: For the elements of your organization’s risk management process, which you are actively working to improve, include training boxes to your risk process and framework documentation. Communicate not just ‘what’ the process is or ‘how’ the process is to be applied, but also explain the ‘why’ it’s important.

    3. Evaluate and measure your current risk culture: By using a simple survey with questions about the understanding of the current risk processes of the organization, you will be able to use this information to establish a baseline measure of the risk culture within your organization.

    Establishing a simple, effective and measurable set of behavioural expectations which add value to enterprise-wide risk frameworks is challenging. The very process of measuring risk culture is a subjective process–there is no right or wrong approach, and cultural bias should be considered. Ultimately, the success of risk culture programs and an organization’s risk-governance framework will be measured through a visible improvement in the overall performance of the organization.

    Operating from Brisbane, Queensland, Stanwell Corporation has been the largest power generator of the state. Founded in the year 1997, the company with the capacity of more than 4100 megawatts, presently supplies for more than 45 percent of state’s power needs.

    Read Also

    Fintech: Opportunities and Challenges in APAC

    Fintech: Opportunities and Challenges in APAC
    Fintech and Risk Management: Oil and Water Never Mix?

    Fintech and Risk Management: Oil and Water Never Mix?
    Leveraging Compliance Infrastructure Investment as a Basis for Scenario-Based Governance

    Leveraging Compliance Infrastructure Investment as a Basis for Scenario-Based Governance
    Taking Risk ...Well

    Taking Risk ...Well
    10 Most Promising Risk Management Solution Providers - 2017

    10 Most Promising Risk Management Solution Providers - 2017

    Featured Vendors

    Delta Insurance

    Ian Pollard, Co-Founder & MD

    Broadridge

    David Becker , MD, Asia Pacific

    Risk Management Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://risk-management.apacciooutlook.com/cxoinsights/demystifying-risk-appetite-statements-nwid-3918.html