4 steps to refresh risk appetite

5 min read
Jul 10, 2025

Risk appetite theory and reality can often diverge. You may only learn what really works (and doesn't) for your organisation once you've implemented it.

 
setting risk appetite square
Five templates for setting risk appetite
Download templates used by practising risk leaders at multinational organisations to set risk appetite.
Download now
 
For this reason, it's not uncommon for risk leaders in our network to review and renew their risk appetite framework after a couple of years of having initial statements in place.
 
Others find themselves refreshing risk appetite due to difficulties with operationalisation — bringing appetite to life for the business. Ultimately, it's not enough to just implement appetite: you have to ensure it is meaningful and beneficial for the business.
 
Based on key insights and experiences shared during a recent meeting of practitioners, which we facilitated with members of our network, here are four key steps you may need to follow as you refresh risk appetite.

1. Remind yourself of risk appetite's purpose

If you are leading a refresh of risk appetite, a powerful starting point can be to review the reason (or reasons) for having risk appetite in the first place.

Being aware of this can help inform the choices you make about when and where risk appetite should be used, what you anchor your risk appetite to (e.g., individual risks or categories) and who should be accountable for risk appetite statements.

Your purpose can also guide the selection of risk appetite metrics, if this is something you are renewing or adding for the first time.

Finally, consider how the purpose of risk appetite might split into both strategic and operational actions, as highlighted below:

Strategic actions Operational actions

Link risk appetite to discussions about emerging and external risk.

Align risk appetite thresholds more closely with safety, revenue and productivity metrics.

Apply appetite to major decisions like capital investments, M&A and the commissioning of major projects.

Cement the ability to aggregate and escalate breaches, responding before they become strategic issues.

Use appetite to prioritise resources and investment.

Unlock aligned assurance and prioritise risk resources.

 


2. Connect your risk appetite statements

Risk leaders are in agreement about the interconnected nature of risk appetite when it is "put to work" in the business, and this should be reflected in the writing of appetite statements.

Risk appetite statements have to tangibly interconnect. In many cases, you can't increase your appetite in one area without also increasing appetite for financial, reputation or even safety risk, depending on the nature of a new venture or market"
member
Risk Leadership Network member

An option some members have explored is including trade-offs in risk appetite statements and explicitly acknowledging where certain types of risks can be taken, in pursuit of key objectives. This approach may also help companies to rationalise core operations or strategic goals that seem directly at odds with appetite targets.

RAS square
Download four risk appetite statement templates
Used by risk leaders at multinational organisations
Download


In one case, a member described how they have adopted high-level, responsive controls in their statements. This tacitly recognises that although certain events may occur, they are not "accepted" by the company and are swiftly dealt with. Naturally, legal teams are consulted for advice when developing an approach like this.


3. Refine and develop metrics

Issues with key risk indicators (KRIs), according to practitioners, fluctuate from "we can't get the business to agree upon a single indicator" to "we have hundreds of metrics and no idea which ones matter".

KRIs square
How to build an effective suite of key risk indicators
Download peer insights
Download


Discussing the challenge, members shared some key lessons from their experience with risk appetite metrics.


4. Embed appetite into business processes

Whether the purpose of risk appetite for your organisation is primarily operational or strategic (or both), identifying the right processes and templates in the business through which to embed and communicate risk appetite is a key step towards operationalising it.

AI risk appetite
Using risk appetite to support decision-making: 3 case studies
Read article


As a rule of thumb, companies must first establish quantitative thresholds and KRIs — a tangible expression of appetite that can be incorporated into documents.

Next, think about the language you want to use. At an operational level, for instance, it may not be necessary to actually reference "risk appetite".

Finally, once you have decided upon thresholds and syntax, make sure to update policies and procedures with thresholds and relevant explanation so that the business is well aware of the trigger points for your various risk appetite statements.

People probably won't read the appetite statement, but they will follow their procedure."
member
Risk Leadership Network member


At a strategic level, embedding appetite usually means incorporating relevant thresholds into business case templates, financial risk assessments and so on. There is also a 'cultural element' of enforcing risk appetite considerations as one step of many in the decision-making process.


What's next?

Throughout the entire process of reviewing and refreshing risk appetite, optimisation must be front of mind. In essence, how do you refine the wording, format and categorisation of appetite to meaningfully impact implementation success?

To support our members through this journey, and help shape their approaches, we facilitate bespoke collaborations between risk leaders.

If you would like to collaborate with peers on the topic of risk appetite, and find out how we can support you with your risk priorities, please book an introductory call.

Meanwhile, take a look at some more resources we've developed from recent collaborations on risk appetite:

To find out more about getting involved in upcoming collaborations with experienced peers, request an exploratory call, or explore membership here.

Get new posts by email