StrategicRISK Asia-Pacific edition (Issue 19)

Let’s talk about risk appetite. Or more specifically, let me ask you – what is the point behind you, as a risk manager, preparing a specific risk appetite document for the board? Have you ever stopped and really thought about why you do it? If you are doing it because you believe it adds value to the management of the business, it may be time for a rethink.

There is rumbling of dissent about the actual usefulness of this document to management. Arguably, the dissent is currently only a minute snowball of momentum, but be sure – once it gathers enough sped and traction in the underbelly of the global risk management community, this boulder is certain to ignite a fiery debate.

A risk appetite document is a vertical silo tool. And it is being used during a period when most businesses are pushing for more horizontal, integrated ways of working. One might argue that silos themselves do not cause problems within a business, but the closed mentality that comes as a result of the silo-style operation does.

Writing a specific risk appetite document for the board separates risk management from all other parts of the business. How do you effectively make a mark across the whole business when you are not integrated within it?

Another argument against using a specific risk appetite document is that it is more easily ignored on the whole, than if each board-level policy had integrated risk profiling information. By creating a specific risk appetite document, you are admitting that the current policies for HR, IT, finance, communications and so on are not up to date from a risk management perspective.

Regularly reviewing and updating each policy with a specific risk analysis section is surely a more effective way of ensuring you are being heard on every issue of risk within the business.

In the creation of a specific risk appetite document, risk managers are essentially handing the board further ammunition to shorten the leash of management. You are adding barriers to management from a board level and making it more difficult for management to take a calculated risk on new products or markets. This goes against what most risk managers say they want to be seen as within their business.

You want to be a business enabler, not innovation impediment; a driver of transformation, not the brakes of revolution. Creating more rules for management from board level will not achieve this goal.

Risk management is about challenging the status quo. It is about looking at the facts in front of you, questioning whether there is a better or safer way of going and ensuring you have given your management and board all the tools they need to minimise potential risks. Yes, there is a need to cover all possible bases and scenarios, but it might be time to re-examine how you can achieve this.

Look around you. Innovation for improvement is evident in every part of life. Take cancer treatment, for example. We now avoid massive doses of chemotherapy if possible and instead use more targeted treatment methods to minimise side effects for patients.

Be bold. Tear up your risk appetite policy today. Tell the board you will no longer be doing a specific risk appetite document for them but instead you will be regularly reviewing each board-level policy and making risk recommendations for each area. Let go of the relative safety of the risk appetite life buoy and take a chance on a new way of working.

Whether you agree or disagree with these thoughts, our upcoming events in Hong Kong on 19 April and Singapore on 8 May will be debating this topic and many more, so please come along and be a part of the discussion with the StrategicRISK team. We look forward to hearing your thoughts. 

Click the link below to download the edition