Risk appetite articulation: do not bite what you cannot swallow

You have probably heard about the common advice “do not bite what you cannot swallow.” It does not matter how greedy you are, be a brilliant greedy person. Do not bit what cannot go down your throat. It may chock and kill you.

If you are an enthusiastic investor in stock markets, seasoned stockbrokers will advise you to only “invest the money you can afford to lose.” Avoid borrowing to invest in the stock market because share prices could up or down. Because investing in companies listed on the stock exchange is usually a long-term game, you cannot anticipate what could happen. If the price were assured to keep going higher and higher, many financial institutions would buy all the shares and stop giving credit which comes with high attendant risks of default.  Of course, some people may make money at an initial public offering (IPO), but this too is not guaranteed.

The readers of this blog remember how many investors burned their fingers with the Safaricom shares at the Uganda stock exchange, when the anticipated demand after the IPO did not happen, only to see the price fall below the IPO! Some folks had borrowed money only to lose it all and some.

At a personal level, you must grasp the concept of risk appetite to guide your decision making. You must draw a permanent line to separate between the things you can accept and those you cannot.

So, what is your risk appetite?

What is the amount of risk you are not willing to accept?

You start by defining your dos and don’ts. What are your values? What is your strategy and what risks will you take as you pursue the strategy? What capacity do you have to manage risks and what amount of risk can your stakeholders manage to bear, as well.

The ISO 31000:2018 defines risk as to the effect of uncertainty on objectives. The “effect” defines impact. If the risk materialized, how much loss would it cause? To standardize risk management, you assign a rating ranging from 1 to 5, with 1 indicating negligible impact and 5 indicating a catastrophic impact. For example, if an event happened and wiped out all your wealth, such an event could be classified as “catastrophic”. Keep in mind that what is catastrophic to you may not be catastrophic to another person. And that is why in risk assessment, context is important as it helps establish materiality.

“Uncertainty” means the probability of occurrence. The likelihood of an event happening. The probability of any event ranges between 0 and 1. The probability of something that will happen is 100%, and the probability of something that cannot happen is 0. In risk management, the probability of events is rated on a scale of 1 to 5, with the event that is virtually certain to happen rated 5, and that of something not likely to happen is 1. The probability of a living thing dying is 5. Because it is certain. While that of a stone speaking is 1 since it is unlikely to happen. As you assess risk, you apply your experience to assess the likelihood of an event and then its impact on a case-by-case basis. For this reason, the risk assessment must be done by risk owners – the staff involved in the day-to-day business operations.

In simple, risk = likelihood x impact, as shown in Figure 1.

Figure 1: Understanding risk appetite

As you can see above, risk-rated as high, 16 and above, cannot be accepted as it is high. This means, any business activity that exposes the company to risk assessed as high, cannot be done UNLESS effective controls exist to help lower the risks to acceptable levels.

To be continued.

Copyright Mustapha B Mugisa, Mr. Strategy 2021. All rights reserved.

Share this

Most Popular Insights

DOWNLOADABLE RESOURCES

Categories

Related Articles

The role of the board in cyber security risk management

The board of directors plays a crucial role in overseeing and managing the organization’s cyber security risks. This includes setting the overall cyber security

Effective leadership

If you get people, blind fold them and ask them to begin throwing stones, can they hit the same target? This is why many

5 Security Forecasts for 2017 using Cyber Threat Intelligence

We bring you  trends and insights that you  can use to help better prepare for what cyber threats are coming next. There are some

Growing the topline

Customer focus is critical to enable topline growth. A business is about putting money on the table. How do you grow your revenue daily?

About Author