– Put the right stakeholders in place at an early stage. An early success factor in the development of a risk-taking statement is the early involvement of the appropriate stakeholders in the organization through risk management, namely the business leader, senior management and strategic planning and financing services. The Board of Directors should also play a key role in contributing in advance to the development of risk-taking and ultimately approving it. Swanepoel gave some very interesting comments. While risk tolerance and risk-taking are defined, they appear to be interpreted and used inconsistently across risk management programs, he said. By researching their definitions, you will get people`s interpretations. Therefore, it only uses the terms contained in ISO 31000:2009 Risk Management, since these terms are subject to rigorous control by ISO members and ISO can only include a term if there is consensus among its members on their meaning. While ISO 31000 does not contain any definition of risk tolerance or risk-taking, ISO Guide 73:2009 Defines risk management – Risk tolerance vocabulary as „the willingness of an organization or stakeholder to take risk after risk treatment to achieve its objectives.“ – Develop a risk-taking statement approved by the board of directors. The company-wide risk-taking statement at the highest level should be approved by the board of directors and then translated and communicated to lower levels of the organisation, such as activities or legal persons.
The risk-taking statement approved by the Board usually begins with the link to the organization`s mission and business strategy and the overall risk philosophy. It is then supported by more specific qualitative and quantitative statements for the relevant types of risks and business units of the company. Quantitative declarations should have thresholds and be measurable; qualitative statements should be observable. This statement should articulate the desired balance between the main objectives in terms of risk – for example.B. target debt ratings, earnings volatility, capital adequacy, etc. – and return. In this article, we will demystify risk-taking and risk tolerance, hoping that this will help you understand both concepts so that you can integrate them into your framework. As already mentioned, iso31000:2009 does not contain either of the two terms, as ISO states that „publication as an international standard requires the approval of at least 75% of the voting member bodies“. The ISO31000:2009 referencing therefore uses „Risk Attitude“. ISO31000:2009 defines risk management as „an organization`s approach of assessing risks and ultimately keeping, taking or turning away from them.“ „Risk-taking must be seen as a key part of defining business strategy and be clearly communicated, understood and monitored across an organization,“ says Edward T. Hida II, a partner at Deloitte & Touche LLP and global head of its risk and capital management practice.
„For example, risk-taking statements can help stimulate discussions on risk and governance, make strategic planning and capital allocation decisions, and reassure supervisors, shareholders and credit rating agencies that the company has a clear understanding of it and has set limits on the level of risk it can bear,“ Mr. Hida explains. In addition, according to the COSO Directive „Strengthening Enterprise Risk Management for Strategic Advantage“, risk tolerance reflects „acceptable differences in terms of specific performance indicators related to the objectives that the company wishes to achieve“, while risk-taking as „a broad description of the level of risk desired by a company to pursue its mission“, . . .