Finally, and long overdue, another review in the Gower Short Guide to Business Risk book series. This is the 7th book I’m covering, and I must say that the main topic of Risk Appetite versus Risk Attitude has brought a whole new perspective on risk and risk management to my attention. Basically, what the books states is that every company should ask themselves two questions: 1) How much risk do we want to take? That is risk appetite. 2) How much risk do we think we should take? That is risk attitude. There are actually 4 more questions, dealing with risk propensity, risk capacity, risk perception and risk exposure that make up the risk management framework presented in this book.

Risk management – difficult or easy?

Risk management, so the authors, is a way of understanding the trade-offs we are making when we decide a course of action, not only in the short-term, but more importantly, in the long term, because a long-term perspective helps in making strategically consistent decisions time and again, instead of simply listening go your gut feelings. Understanding your risk appetite, and your risk attitude, lays the groundwork for making good decisions in uncertain yet important situations.

Who says what?

An interesting feature of the book is a whole chapter dedicated to collecting the views on risk appetite from regulators, standards bodies like, professional associations and consultants, clearly showing that there is a lot of debate about risk appetite, but no consensus.

Risk appetite risk tolerance, risk attitude and risk profile are mentioned by the regulators, but appear to be the same. Risk appetite is mentioned in standards, but not always well defined. Professional associations  do fare a bit better; at least they do show some guidance in how to express risk appetite in a useful way. Consultants, seeing business opportunities in helping confused managers, have produced a wide range of white papers on risk appetite.

Although there is some common thinking among all these sources, there is little agreement and no agreed-upon definition. The list of 24 different definitions taken from these sources definitely shows that. However, so the authors claim, two strands of thought are common in these definitions, risk as a level or threshold that should not be crossed, and risk as a willingness to cross that same threshold, i.e. how much risk do we think we should take and how much risk do we want to take respectively.

Appetite versus attitude

The authors spend a whole chapter on describing and discussing appetite and attitude, their differences and similarities, perhaps a bit too much in my view, but the message sinks in finally:

Risk appetite: Tendency of an individual or group to take risk in a given situation.

Risk attitude: Chose response to a given risky situation, influenced by risk perception.

While this makes perfect sense when reading it the first time, the second time I ask myself, what is “risk” in risk appetite, and what are “risky situations” in risk attitude? Nit-picking, perhaps, and quickly forgotten, because their next point is rather brilliantly explained:

So when we face a risky and important situation and we need to decide how much risk to take […] we could just go with our gut, and make an intuitive decision [..] that might lead to a good outcome. But i might not. This is where is risk attitude comes in, allowing us to chose an appropriate positioning towards the risk.

Risk appetite comes from the heart, or rather, gut, whereas risk attitude comes from the head. Simple as that.

Risk elements at play – inputs and outcomes

The perhaps most difficult part of the book is the chapter that puts all risk elements together:

Risk propensity: How much risk do we usually like to take?
Risk appetite:  How much risk do we want to take?
Risk capacity: How much risk can we take?
Risk perception: How much risk do we think we are taking?
Risk attitude: How much risk do we think we should take?
Risk exposure: How much risk are we actually taking?

Inputs to risk appetite and risk attitude and their respective outcomes are then used to construct what the authors call the RARA-model.

What I noticed here is that risk actions are outcomes of risk attitude, not risk appetite. Risk appetite on the other hand sets the risk threshold, against which risk actions and the resulting residual risk should be checked against. They way I interpret this is that risk attitude has a lower risk level than than risk appetite, and risk attitude should be the guiding principle for risk actions, not risk appetite.

Risk attitude and risk appetite exemplified

Half the book is devoted to a number of convincing examples of how the RARA-model can be used in practice in making well-informed risk decisions. In doing so, the authors use three kinds of scenarios: Unmanaged, Constrained and Informed Scenario.

Unmanaged, where risk thresholds are set by the organisation with no conscious or intentional reference to risk appetite or risk attitude.

Constrained, where risk thresholds are consciously modified by an understanding of the inherent risk appetite.

Informed, taking into account the chosen risk attitudes of key stakeholders as well as wider organisational factors when setting risk thresholds.

The beauty of these different scenarios is that they make use of the above elements in the RARA-model in very different ways, demonstrating how everything comes into play.

Conclusion

At first glance the RARA-model appears unnecessarily complex, and the case examples, using every single element of the model, are very elaborated. However, what the model really is all about is answering the six questions above. I like this book, but it takes a while to sink in, especially for someone like me, who uses the ISO 31000 standard extensively in my daily work.

Reference

Murray-Webster, R. and Hillson, D. (2012) A Short Guide to Risk Appetite. Farnham: Gower Publishing.

Related links

• rara-risk.com: The RARA Risk Model

Related posts

• husdal.com: All Gower Short Guides to Business Risk book reviews
• husdal.com: Risk Management Vocabulary