My tolerance for risk appetite is fading

See on Scoop.itTate – Law, Liability, Risk Management, Governance, D&O and Business

It is amazing to me that one of my most popular blog posts every month is “Just what is risk appetite and how does it differ from risk tolerance?”, which I wrote over four years ago, in April 2011!…

David Tate‘s insight:

Norman usually has good comments on the topics of risk management, internal controls and internal audit.  If you are interested in these topics you should read his blog.  If the following link works, here is the link to PWC’s publication, http://www.pwc.com/en_US/us/corporate-governance/publications/assets/pwc-risk-appetite-management.pdf

Not being critical of PWC, but I don’t find their publication to be very helpful.  It’s too general. What does it really mean?  Can a board member satisfy his or her risk oversight duties by asking the general questions that PWC provides?  Perhaps. But the questions don’t go far enough of course.  Not nearly enough inquiry, but it is a starting point.

Risk management is a continual, ongoing task. Identify the categories of risk, identify specific risk or areas of risk in the categories, evaluate for each risk the seriousness if the risk occurrs and likelihood of occurrence which should help provide you with guidance on “risk appetite” (those of you who have read my posts know that I don’t like the current definitions and uses of the terms risk appetite and risk tolerance), evaluate the risk management processes currently in place for each risk, design and implement risk management processes or improved risk management processes for each risk as deemed necessary, appoint the person/people responsible for and owning the risk area(s) and processes, set time deadlines, monitor, follow-up, improve, and on and on.

The board is responsible for oversight.  If risk oversight is included in the audit committee’s charter, the audit committee had better know what it is supposed to do and what it is doing.  Consider, should the board have a separate risk management committee?  I prefer the term risk and uncertainty management, but whatever.

Dave Tate

http://tatetalk.com

See on normanmarks.wordpress.com

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s