“The financial industry has demonstrated exceptional resilience in the wake of COVID-19 and should be praised for that. Much is, however, still to be strengthened at all levels, and learnings from the past year should be built upon to fully utilize opportunities while continuing to mitigate key risks,” said risk expert Dr Ariane Chappelle of Chappelle Consulting, after winning “Best Risk Management Advisory & Training Firm – Europe” in SME News’ UK Finance Awards last year.
Perhaps now, given mounting regulatory pressure and a greater focus on corporate governance, not least the additional challenges catalysed by the pandemic, FS organizations should give due consideration to their risk appetites and control frameworks. Within such an evolving regulatory and risk environment, are they fit-for-purpose and helping your business to balance risks v opportunities?
The challenge of articulating risk appetite
When well-defined, an organization’s risk appetite will set parameters that connect business strategy, target setting and risk management, instilling risk metrics into day-to-day dialogues, risk reporting and decision-making. Yet defining risk appetite is undoubtedly complicated.
According to the Price Waterhouse Coopers paper ‘Risk Appetite – How hungry are you?’ the complexity is in part because “Different parts of the organization and external stakeholders have different perspectives. Equity investors’ appetite for risk will differ from that of the rating agencies. Equity investors want to see a return; rating agencies want to minimize the risk of default. The regulator’s perspective differs from management’s which differs from that of customers, employees, bondholders etc.”
Chappelle too, suggests that risk appetite is a ‘topic which remains from our experience a struggle in many organizations and particularly perhaps in light of the Basel Committee’s guidance on risk appetite and tolerance for banking organizations, which recommends articulating the motivations for taking on or avoiding certain types of risk and establishing boundaries or indicators.
KRIs as critical predictors
Businesses seeking to improve their risk management may benefit from establishing or revising their risk appetite statement and developing a set of KRIs, which will provide significant insights into gaps or weak points within their risk and control environments. Monitoring changes in risk exposure, KRIs, as metrics of changes in risk profile, can play a key role in the prevention or mitigation of major events.
The Institute of Operational Risk’s view is that KRIs should be applied to operational risks that an organization might be highly exposed to, which may jeopardize the fulfilment of operational objectives or fall outside of risk appetite.
Indicators may also be used to highlight the positives, such as effective internal control where they are within defined thresholds, and to provide assurance that risks are being appropriately managed to the board and stakeholders.
When key risks are mapped to strategic initiatives, management can identify the most relevant and critical metrics and track their performance. And when measurable, meaningful KRIs have been determined, thresholds can be validated, and set according to risk appetite and tolerance.
Appetite and Key Risk Indicators Webinar
Interested in learning more about the interplay between risk appetite and KRIs?
Dr. Ariane Chappelle shared her insights into risk appetite and the roles, attributes, and use of preventative KRIs within banking and FS markets.
For more on effectively managing risk at an enterprise level, download our e-book, Charting a Course for Enterprise Risk Management, and check out Riskonnect’s ERM software solution.