COSO Releases Thought Paper on Risk Appetite
A new thought paper aimed at helping organizations better articulate, develop, and implement “risk appetite,” was released by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) – an organization providing thought leadership and guidance on enterprise risk management (ERM), internal controls and fraud deterrence.
COSO is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of
frameworks and guidance on enterprise risk management (ERM), internal control and fraud deterrence.
COSO’s supporting organizations are The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management
Enterprise Risk Management – Understanding and Communicating Risk Appetite is the latest in a series of COSO papers providing ERM practitioners thought leadership on performing more effective risk management.
“An important COSO goal is to help executives and boards implement effective ERM processes by providing them with thought papers that discuss issues crucial to ERM success,” said COSO Chairman David
“This paper emphasizes the idea that developing and communicating a risk appetite should be viewed by organizations as an important part of their ERM processes.”
According to the authors of the paper, risk appetite is the amount of risk organizations are willing to accept in pursuit of their objectives.
Written by Larry Rittenberg, the Ernst & Young Professor of Accounting at the University of Wisconsin-Madison, and Frank Martens, a director in the Advisory Practice of PwC, the thought paper provides examples of statements of risk appetite and emphasizes the notion that risk appetite should be communicated by management, embraced by the board, and integrated throughout the entity.
“Organizations encounter risk every day as they pursue their objectives, and risk appetite is an integral part of an effective ERM system,” said Rittenberg.
“It may seem to be an elusive topic, but the reality is that a well
communicated risk appetite serves as a boundary around the amount of risk an organization might take on, and should be considered when setting strategy or business goals.”