Risk is a natural part of life. Everything we do has some sort of risk involved, although the level of risk determines whether it is a good idea to continue with the original plan or to change to meet a more acceptable level of risk. This is what we call risk appetite, the urge to take on certain levels of risk.
So why would an organization need to have a risk appetite? Well, short answer is it determines the path the organization is going to take. The level of risk determines how the stable the organization is viewed and how likely it will succeed in it's overall goals.
Most business professionals tend to keep risk levels as low as possible to reduce the amount of possible outcomes based off the unknown. Risk mitigation and risk avoidance are used to keep these levels within reason. Once the risk is identified the organization then allows management to decide what is to be done with this risk. Is the risk acceptable as is? If not, what level of risk is the organization willing to accept? These are a few of the questions management looks at to determine what their appetite is.
Overall, the risk appetite of an organization must really be determined by the management to ensure it is in line with the goals of the organization. To much risk can hurt the organization and too little does not allow the organization to grow and flourish.
To learn more, read the following:
Time for a Change in our Attitude Around Risk. Retrieved from http://www.infosecisland.com/blogview/19981-Time-for-a-Change-in-our-Attitude-Around-Risk.html
What is Risk Appetite? Retrieved from http://jitenderarora.co.uk/what-is-risk-appetite/?utm_source=rss&utm_medium=rss&utm_campaign=what-is-risk-appetite