By Norman D. Marks, CPA, CRMA | 2 Minutes Read December 6, 2017

COSO ERM explains the flaw in risk appetite statements

There is one paragraph in the COSO update that explains why complying with risk appetite statements can lead organizations to fail to take the right risks.
Yes.
I really mean that.
Of course, COSO ERM 2017 pushes organizations to establish “risk profiles” (a.k.a., lists of risks or risk registers) and their risk appetite.
But if you look carefully you will see one paragraph in the COSO update that explains why devotion to compliance with a risk appetite statement can lead an organization to fail to take the right risks.

“Organizations may … choose to exceed the risk appetite if the effect of staying within the appetite is perceived to be greater than the potential exposure from exceeding it. For example, management may accept the risk associated with the expedited approval of a new product in favor of the opportunity and competitive advantage of bringing those products to market more quickly. Where an entity repeatedly accepts risks that approach or exceed appetite as part of its usual operations, a review and recalibration of the risk appetite may be warranted.”

In other words, stay within risk appetite if it is the right thing to do. Don’t stay if that is the right thing to do.
It’s all about weighing all the potential consequences before acting – not just the potential for harm.
Of course, that is what all effective decision-makers do.
Of course, that is what risk practitioners should advocate!
Devotion to remaining within risk appetite (if you can even express one that will proactively guide decision-makers) is likely to make you risk averse – and focusing on avoiding harm is the path to avoiding success.
So, what do we do instead?
Let’s spend our time and energy thinking about how we can enable those making the decisions necessary to running the business and achieving success to make good decisions. Smart decisions.
Empower people across the organization to use not only their experience and judgment, but all appropriate and reliable information to make informed and intelligent decisions.
Instead of worrying about whether they are complying with the risk appetite statement, worry about whether there is reasonable assurance that good decisions are made.
Radical?
Sensible?
What do you think?

Norman D. Marks, CPA, CRMA
Norman has led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.

He retired in early 2013. However, he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.
Article by Norman D. Marks, CPA, CRMA / Business, Finance and Accounting / COSO ERM, risk, risk appetite statements, risk management
