Risk Appetite

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Jump to: navigation, search
1. Risk Appetite is amount and the type of risks that an organization is willing to take in or absorb.


Related Terms: Risk Likelihood, Risk Impact, Risk Rating, Risk Assessment, Risk Level, Period of Disruption.

Notes (1): During the risk assessment, there will be some risk that were identified to be too expensive to mitigate or the risk likelihood is too low or a combination of both. The level of risk that an organization is willing to accept should be based on the likely consequence of a certain risk occurring.

Notes (2): Risk appetite varies from organization to organization as the level of risk that an organization is willing to take is dependence on the organization's nature of business and the executive management team managing the organization.


Analysing And Reviewing The Risks For Business Continuity Planning BUY!
BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2B: Intermediate (BC)



BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2C: Intermediate (CM)



BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2D: Intermediate (DR)



Courses

(Source: Business Continuity Management Institute - BCM Institute)

BCM Institute Risk Ratings and Levels.jpg

2. Amount and type of risk that an organization is willing to pursue or retain.

(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.49

3. Total amount of risk that an organizationis prepared to accept, tolerate or be exposed to at any point in time.
(Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management)

4. Willingness of an organization to accept a defined level of risk.

(Source: Business Continuity Institute - BCI)

(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)