Risk appetite is the level of risk that an organization is prepared to accept in doing business. When the risk assessment identifies a risk that is higher than the acceptable risk appetite, risk treatment measures should be implemented in order to reduce the risk to an acceptable level.
Your Risk appetite can vary based on a number of factors, such as:
- company culture,
- the nature of the objectives pursued (e.g. how aggressive they are)
- the financial strength and capabilities of the organization
Risk appetite can change over time. It’s always a good idea to assess risks against risk criteria periodically,