Enlightened risk management frameworks say we should manage risks to the business within the risk appetite. But what is the risk appetite? Can anyone in the organisation articulate it beyond vague statements such as “medium risk appetite”, “prudent basis” or “risk adverse basis”? Risk appetite is dynamic, and we need to be able to change it and identify the impacts on our risk management this has when we do.
Armed with an understanding of our risk appetite, what risk management challenges are we better equipped to address. Can we leverage it to identify areas where we might actually want to consciously take more risk? Can we improve risk decisions?
In this episode regular hosts Martin and Maurice are joined by COSAC regular Jaco Jacobs to discuss cyber risk appetite.