Difference between revisions of "Risk Appetite"

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Jump to navigation Jump to search
 
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
 +
 
{| style="margin-left: 0px; text-align: left; font-style: none; width:100%; font-weight: none; background: #F0F0F0; border:1px"
 
{| style="margin-left: 0px; text-align: left; font-style: none; width:100%; font-weight: none; background: #F0F0F0; border:1px"
| '''1.''' [[Risk]] Appetite is amount and the type of [[Risk|risks]] that an [[Organization|organization]] is willing to take in or absorb.  
+
|-
 
+
| '''1.''' [[Risk|Risk]] Appetite is amount and the type of [[Risk|risks]] that an [[Organization|organization]] is willing to take in or absorb. <div class="thumb tright">
<div class="thumb tright">
 
 
{{#ev:youtube|pdNrTuYXSNw|400}}
 
{{#ev:youtube|pdNrTuYXSNw|400}}
</div>
+
</div>  
 +
<br/> Related Terms: [[Risk_Likelihood|Risk Likelihood]], [[Risk_Impact|Risk Impact]], [[Risk_Rating|Risk Rating]], [[Risk_Assessment|Risk Assessment]], [[Risk_Level|Risk Level]], [[Period_of_Disruption|Period of Disruption]].
  
<br> Related Terms: [[Risk Likelihood]], [[Risk Impact]], [[Risk Rating]], [[Risk Assessment]], [[Risk Level]], [[Period of Disruption]].  
+
'''''Notes (1)''''': During the [[Risk_Assessment|risk assessment]], there will be some risk that were identified to be too expensive to mitigate or the [[Risk_Likelihood|risk likelihood]] is too low or a combination of both. The level of risk that an organization is willing to accept should be based on the likely consequence of a certain risk occurring.
  
'''''Notes (1)''''': During the [[Risk Assessment|risk assessment]], there will be some risk that were identified to be too expensive to mitigate or the [[Risk Likelihood|risk likelihood]] is too low or a combination of both.  The level of risk that an organization is willing to accept should be based on the likely consequence of a certain risk occurring.  
+
'''''Notes (2)''''': Risk appetite varies from organization to organization as the level of risk that an organization is willing to take is dependence on the organization's nature of business and the [[Executive_Management|executive management]] team managing the organization.
  
'''''Notes (2)''''': Risk appetite varies from organization to organization as the level of risk that an organization is willing to take is dependence on the organization's nature of business and the [[Executive Management|executive management]] team managing the organization.
+
'''''Notes (3)''''': In the new ISO22301:2019, risk appetite is see as a subjective term when implementing BCM.  The emphasis is to understand the point at which the impact of not resuming the activity would be unacceptable.
  
 +
[[File:3D BCM Series Analyzing and Reviewing in the context of BCM Books.jpg|thumb|left|140px|Analysing And Reviewing The Risks For Business Continuity Planning ]]
  
[[Image:3D BCM Series Analyzing and Reviewing in the context of BCM Books.jpg|thumb|left|140px|Analysing And Reviewing The Risks For Business Continuity Planning [http://store.bcm-institute.org/books/bcm-specialist-series BUY!]]]
+
{{BcmBoK 2 CL 2B}}<br/> <br/> {{BcmBoK 2 CL 2C}}<br/> <br/> {{BcmBoK 2 CL 2D}}
  
{{BcmBoK 2 CL 2B}}
+
&nbsp;
<br><br>
 
{{BcmBoK 2 CL 2C}}
 
<br><br>
 
{{BcmBoK 2 CL 2D}}
 
  
 +
'''''Courses'''''
  
 +
*[http://www.bcm-institute.org/courses/analyzing-and-reviewing-risk-col-313 Attend: Classroom: Risk Analysis Courses]
 +
*[https://www.bcm-institute.org/courses/business-continuity-management-courses-2/bcm-competency-courses/competency-level-300/bcm-310-assessing-risk-and-business-impact-requirements/ Attend: Classroom: Competency-based Risk Analysis Courses]
 +
*[http://www.bcm-institute.org/courses/risk-analysis-and-review Attend: E-Learning: Risk Analysis module]
  
 +
{{Bcm Institute Source}}
  
'''''Courses'''''
 
* [http://www.bcm-institute.org/courses/analyzing-and-reviewing-risk-col-313 Attend: Classroom: Risk Analysis Courses]
 
* [http://www.bcm-institute.org/courses/assessing-risk-and-business-impact-requirements Attend: Classroom: Competency-based Risk Analysis Courses]
 
* [http://www.bcm-institute.org/courses/risk-analysis-and-review Attend: E-Learning: Risk Analysis module]
 
{{Bcm Institute Source}}
 
 
|}
 
|}
  
[[Category:BCM Institute Glossary]]
+
[[File:BCM Institute Risk Ratings and Levels.jpg|thumb|right|400px|BCM Institute Risk Ratings and Levels.jpg]]
[[Category:BCM Institute Crisis Management Glossary]]
 
[[Category:BCM Institute DR Glossary]]
 
  
[[Category:BcmBoK 2 CL 2B]]
+
'''2.''' Amount and type of [[Risk|risk]] that an [[Organization|organization]] is willing to pursue or retain.
[[Category:BcmBoK 2 CL 2C]]
 
[[Category:BcmBoK 2 CL 2D]]
 
  
[[Image:BCM Institute Risk Ratings and Levels.jpg|thumb|right|400px]]
+
{{ISO 22301 Source}} - clause 3.49
  
'''2.''' Amount and type of [[Risk|risk]] that an [[Organization|organization]] is willing to pursue or retain.  
+
'''3.''' Total amount of risk that an [[Organization|organizationis]] prepared to accept, tolerate or be exposed to at any point in time.<br/> {{BS25999 Source}}
  
{{ISO 22301 Source}} - clause 3.49
+
'''4.''' Willingness of an [[Organization|organization]] to accept a defined level of risk.
  
'''3.''' Total amount of risk that an [[Organization|organization]]is prepared to accept, tolerate or be exposed to at any point in time. <br> {{BS25999 Source}}  
+
{{BCI Source}}
  
'''4.''' Willingness of an [[Organization|organization]] to accept a defined level of risk.
+
{{ENISA Source}}
 
 
{{BCI Source}}  
 
  
{{ENISA Source}}
+
[[Category:BCM Institute Glossary]] [[Category:BCM Institute Crisis Management Glossary]] [[Category:BCM Institute DR Glossary]] [[Category:BcmBoK 2 CL 2B]] [[Category:BcmBoK 2 CL 2C]] [[Category:BcmBoK 2 CL 2D]]

Latest revision as of 03:07, 8 November 2019

1. Risk Appetite is amount and the type of risks that an organization is willing to take in or absorb.


Related Terms: Risk Likelihood, Risk Impact, Risk Rating, Risk Assessment, Risk Level, Period of Disruption.

Notes (1): During the risk assessment, there will be some risk that were identified to be too expensive to mitigate or the risk likelihood is too low or a combination of both. The level of risk that an organization is willing to accept should be based on the likely consequence of a certain risk occurring.

Notes (2): Risk appetite varies from organization to organization as the level of risk that an organization is willing to take is dependence on the organization's nature of business and the executive management team managing the organization.

Notes (3): In the new ISO22301:2019, risk appetite is see as a subjective term when implementing BCM. The emphasis is to understand the point at which the impact of not resuming the activity would be unacceptable.

Analysing And Reviewing The Risks For Business Continuity Planning
BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2B: Intermediate (BC)


BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2C: Intermediate (CM)


BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2D: Intermediate (DR)

 

Courses

(Source: Business Continuity Management Institute - BCM Institute)

BCM Institute Risk Ratings and Levels.jpg

2. Amount and type of risk that an organization is willing to pursue or retain.

(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.49

3. Total amount of risk that an organizationis prepared to accept, tolerate or be exposed to at any point in time.
(Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management)

4. Willingness of an organization to accept a defined level of risk.

(Source: Business Continuity Institute - BCI)

(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)