Thomas AndrewsProject & Risk Management Consultant| PM/RM WorksLong Beach WA, United States
Some companies have a higher tolerance for risk than others. Does a higher risk tolerance level make them more competitive as compared to a company than is willing to take no risk? Companies that quantify their risks and actively manage their risks tend to be more tolerant in accepting risk. By defining and monitoring risk action plans they become more risk tolerant. Saving Changes...
Stéphane ParentSelf Employed / Semi-retired| Leader MakerPrince Edward Island, Canada
Just to be clear, risk appetite and risk tolerance are not the same.
According to ISO 3100, risk appetite is "the amount and type of risk that an organization is prepared to pursue, retain or take".
ISO Guide 73.2009 Risk Management - Vocabulary defines risk tolerance as "an organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives."
Both risk appetite and risk tolerance set boundaries of how much risk an organization is prepared to accept. Risk appetite will broadly consider the levels of risk that is deemed acceptable. Risk tolerances will narrowly set the acceptable level of variation around objectives.
For example, an organization may not have any appetite for risks that would jeopardize a significant portion of its revenue. Therefore they may not tolerate more than a 10% revenue decline in its top 10 customers. Saving Changes...
Thomas AndrewsProject & Risk Management Consultant| PM/RM WorksLong Beach WA, United States
Stephane, excellent definition differentiation between risk tolerance and risk appetite from ISO. Good to see the risk terminology is evolving. Saving Changes...
