What is your Organization’s Appetite and Tolerance for Risk?

By Randall Rollinson

Over the past several months we developed a strategic thinking course for one of our primary clients.  As we got into the design and development of the course, we discovered that managing risk is a critically important consideration in thinking strategically. Solid strategic thinking related to executing the organization’s strategy includes assessing the trade-offs involved in selecting a particular course of action, understanding and managing risks and selecting the most appropriate trade-off.

In general, when risk is present there is a chance that an organization’s strategic plan will fail and the organization will not receive a return on its investment in strategy and, ultimately, its bottom line. Therefore, as part of executing an organization’s strategy, leaders and managers need to consider risk as a critical success factor to be strategized around and ultimately managed. To manage risk, we need to consider the kinds of activities or events that could pose a risk to an organization and take steps to mitigate them.

Types of Risks[i]


Besides understanding the types of risk, there are two fundamental concepts in risk management that every organization needs to consider and understand as part of strategy development and execution.

The first is RISK APPETITE.  Risk appetite is often defined as the broad-based amount of risk an organization is willing to accept in pursuit of its mission/vision. It is established by the organization’s most senior level leadership and serves as a guidepost in setting strategy and selecting strategic objectives.

Risk Appetite versus Risk Tolerance[ii]

The second is RISK TOLERANCE.  Risk tolerance is often defined as the acceptable level of variance in performance relative to the achievement of a particular strategic objective. It is generally established at the program, objective or component level. In setting risk tolerance levels, management teams should consider the relative importance of the related objective(s) and align risk tolerance with risk appetite.

We don’t have to look very far these days to understand why risk management is gaining increased mindshare in C-suites around the world. One example can be seen in the federal government, where every government agency is now required to have a Chief Risk Officer (see OMB Circular A-123).

Another important consideration is that not all risks are of equal priority; each requires actions that fit its level and likelihood. One example of this relates to managing project risk. Below is a helpful assessment tool developed by Enterprise PM.

Assessing Risk[iii]

In summary, risk is ever-present.  As such it must be accounted for during the strategy selection process and managed throughout the strategy management process.  It is the role of leaders and managers to develop and maintain effective internal control to mitigate risk on a timely basis.


[i] http://smallbusiness.chron.com/types-business-risk-99.html
[ii] https://www.rims.org/resources/ERM/Documents/RIMS_Exploring_Risk_Appetite_Risk_Tolerance_0412.pdf
[iii] http://www.enterprise-pm.com/pmbasics/risk-management-models   http://www.enterprise-pm.com/pmbasics/risk-analysis