Risk Appetite

Definition: Risk appetite is defined as the degree of uncertainty an organization is willing to take in anticipation of a reward.

The meaning of appetite is hunger; therefore, risk appetite means risk hunger. Hunger is a subjective term and cannot be quantified. However, the risk appetite of an organization can be rated from low to high.

Many businesses don’t hesitate to take risks if the reward is worthwhile. However, others play it safe. Organizations that take risks have high-risk appetites, and organizations with low-risk appetites avoid taking risks.

Risk appetite is also known as risk capacity or the maximum residual risk that an organization accepts. A risk appetite is unique for every organization and top management decides the risk appetite of an organization.

The following factors affect the risk appetite of an organization:

  • Organizational culture
  • Risk attitude of stakeholders
  • Competition
  • The organization’s financial condition
  • The capability of the organization

Determining an Organization’s Risk Appetite

To determine the organization’s risk appetite, businesses first find risks, identify their probability and impact, and rank the risks on the risk assessment matrix.

Once the risks are analyzed and ranked, an organization can define what range of risks are acceptable and what are not.

This acceptable risk defines the risk appetite of the organization.

Risk Appetite Statement

Many organizations have risk appetite statement documents that define what an organization considers to be risks and how they will respond. This document guides project managers in every decision related to risk management, such as identifying risks, assessing them, developing risk response plans, etc.

The following guidelines help in developing a risk appetite statement.

  • Involve all stakeholders in defining the risk score.
  • Define the acceptable range of acceptable risks based on the risk score.
  • Consider the risk tolerance and risk threshold while defining the acceptable risk range.
  • The risk appetite should align with the organization’s objectives and goals.

A risk appetite document helps management understand risks, and they can make informed decisions. It provides transparency to stakeholders, and they can assign resources for risk management.

A risk appetite statement communicates the corporate value (willingness to take or avoid risks), strategy, and the capacity to absorb the risks.

Examples of Risk Appetite

  • An organization is not willing to launch a new product due to fear of failure of the product launch.
  • An organization is willing to launch a product with minor updates to increase sales.
  • An organization has decided to change the scope of work as they want to avoid managing the risk.


A project manager must understand the organization’s risk appetite as it will help them know what amount of risk the organization and client are willing to take, and how much they will need to manage to complete the project. A very low level of risk appetite will leave a few risks to manage, and a high level of risk appetite provides many risks.

The project manager has to play a balanced role and influence the stakeholders to improve the project.