When it comes to Risk, Appetite is Tolerance

Previously, with many others I believed that Risk Appetite would have to be the starting point of discussion for anything Risk within organisatons. The appetite, following from discussions on Strategy being the choices of directions and subsequent steps that would need to be taken to achieve strategic objectives, i.e., where one sees the organisation ending up in the future. Very clearly elucidated here. Backtracking, one will find the risks associated with these possibly multiple directions and steps — in qualitative terms, as NO valid data exists (logically necessarily, since these concern the future and hence are determined by all information in the universe which, logically, cannot be captured in any model since then, the model would have to be part of itself, incurring circularities ad infinitum and already, the organisational actions will impact the context and vice versa, in as yet (for the same reason) unpredictable ways.
And then … This risk appetite, automatically equated with the risk tolerance by the Board for risks incurred bottom-up by the mundane actions of all the underlings (i.e., including ‘managers’, see yesterday’s post), then suddenly would have to be in quantitative terms… [Yes, bypassing tolerance-as-organisational-resilience-capacity]
As all that goes around in organisations, through the first 99.9% of Operational / Operations Risk, and then some 10% industry-specific risks (e.g., market- and credit- for the finanical industry), not measured but guesstimated by hitherto outstandingly some that have least clue and experience [otherwise, they would have been much better employed in the first line of business themselves… The picture changes favorably (!) where we see some organisations shift to first-line do-it-yourself risk management… finally!] with what the chance and impact figures would be. As if those were the two only quantities to be estimated per ‘event’… As if any data from anywhere would be sufficiently reliable benchmarking material — If you believe that nevertheless, you should be locked up in a treatment facility… Yes sometimes it’s taken to be this moronic… No need to flame bigger here, as that was already done here.

But wait where was I. Oh, yeah, with the bypassing of tolerance defined as what the organisation could bear. The bare fact being, that no-one can establish a reliable figure for that. What the Board can and want to bear … Considering that the Board would have to be all-in, i.e., not only all of their bonuses since ever under clawback threat, but also all of their earned income incl salaries and personal wealth — if any of the Board would not want to risk all they ever had and have, bugger off this is what you signed up to. Considering also that strategic decisions are about wagering the existence of the company on choosing right or else, this wagering the well-being and wealth of all employees however unable to bear loss by mere fact of never had the ability to create some reserves, the previous consideration isn’t exaggerated. You wager others’ very existence, you wager your own ‘first’.

Summa summarum:
Risk Appetite is what the Board lets happen as Risk Tolerated Already.

[And away goes your grand hallway down the drain; [non-related] Haarzuilens, Utrecht]


About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile
This entry was posted in ERM, GRC, Information Security, Innovation (technologicallly driven), Sociological, psychological notes and tagged , , , , , , , , , , . Bookmark the permalink.

One Response to When it comes to Risk, Appetite is Tolerance

  1. Pingback: No C3PO, just PO | Maverisk

Your comments are welcomed!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s