Risk Appetite

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).

Latest revision as of 15:57, 12 June 2024

1. Risk Appetite is the amount and the type of risks an organization is willing to take in or absorb. This is the amount and type of risk an organisation will pursue or retain.



Risk Appetite in Operational Resilience:

Notes (1): Risk appetite is the aggregate level and types of risk the board and executive management are willing to assume to achieve an organisation’s strategic business objectives.

Notes (2): Risk appetite is consistent with applicable capital, liquidity, and other requirements and constraints.




Related Terms: Risk Likelihood, Risk Impact, Risk Rating, Risk Assessment, Risk Level, Risk Appetite, Risk Tolerance, Risk Threshold, Period of Disruption, Operational Resilience, Governance.

Analysing And Reviewing The Risks For Business Continuity Planning
BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2B: Intermediate (BC)


BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2C: Intermediate (CM)


BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2D: Intermediate (DR)



OR Body of Knowledge OR Competency Level
OR BoK 4: P1 Plan CL 1OR: Foundation (OR)



OR BoK OR Competency Level
ORBoK P2: Implement CL 3OR: Advanced (OR)



 


(Source: Business Continuity Management Institute - BCM Institute)



2. Amount and type of risk that an organization is willing to pursue or retain.

(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.49

3. Total amount of risk that an organization is prepared to accept, tolerate or be exposed to at any point in time.
(Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management)

4. Willingness of an organization to accept a defined level of risk.

(Source: Business Continuity Institute - BCI)

(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)