Operational risk management

Easily identify, measure, control and monitor the operational risks of your organization→


security risks

Ensures the confidentiality, integrity and availability of your information assets →



Keep track of all regulations and regulations that your organization must comply with →


Anti-Money Laundering

Easily identify, establish controls, and monitor AML risks→



Improve your internal audit processes, support regulatory compliance, and generate value for your organization through continuous improvement →

What will you learn? Learn with our experts about critical topics on Risk Management that will be useful in your daily work.

Piraní Academy

What is risk appetite?

written by Juan Pablo Calle, On August 20, 2020


Risk appetite refers to the amount of risk that an organization is willing to take in order to achieve its strategic objectives. Find out why it is important here.

In risk management, risk appetite is the first thing to be established. Why? The reason is very simple. By determining the level of risk that the company will face, you will know how many resources and efforts are required to manage it and mitigate a potential impact. This prevents financial risks

A classic example is investment.

Let's assume there are two different investment portfolios. In the former, the risk of loss is very high, but the level of profit may be higher if the investment is successful. In the latter, the risk of loss is very low, but the profit margin is very small.

Which of the two is most advisable?

That depends on the objectives. If you want to have a fixed income and make sure you do not suffer significant losses, perhaps the latter is the best. However, if you are looking for a higher return on investment, the former one would be more appropriate.

That is how it works in business. The level of risk that the company is willing to take leads to decision-making, it guides them.

However, this level may also be relative for a specific risk category. For example, depending on an organization's strategic objective, a company may accept a high level of risk in order to invest. But if the investment is made in an emerging company and there is more than a 50% chance of losing half of the capital, the company refrains from investing.

This appetite deviation is known as risk tolerance.


The figure above explains both concepts.

At each of the end points is the minimum and maximum risk that a company can take, i.e. its total risk capacity.

The green space, which is in the middle, is the risk appetite, that is, how much risk the company is willing to take.

And finally, the yellow space that follows indicates the level of tolerance, that is, the acceptable level of variation to the risk that a company takes on a specific objective, such as investing in an emerging company.

According to this scheme, risk appetite has a broader scope and depends on the organization's overall mission, while risk tolerance involves more specific and concrete objectives.

How to calculate them

As we said, this will depend on the strategic objectives of each company. However, there are different factors that must be taken into account to determine the risk appetite and tolerance:

  •  The type of industry the company belongs to.
  •  The risk culture.
  •  The competition.
  •  The organizational objectives.
  •  Financial capacity.

In addition to these elements, risk appetite and tolerance depend on circumstantial aspects, such as the budget, human resource skills and the technologies or systems used by the company. They should therefore always be reviewed periodically and modified as the context changes.

To begin with, you can use a control matrix to help you assess the likelihood vs. impact of risks to define them as acceptable, manageable, or unacceptable.

Money Laundering and Terrorism Financing Prevention Manual


Try Pirani For FREE NOW
Download a free Excel Risk Matrix Template
Free e-book Prevention & Correction of Human Error For Risk Management

Leave us your comments