The FSA clarifies exactly what a tolerance statement should cover: Tolerance describes the types and degree of operational risk that a firm is prepared to incur (based on factors such as the adequacy of its resources and the nature of its operating environment). Tolerance may be described in terms of the maximum budgeted (that is, expected) costs of an operational risk that a firm is prepared to bear, or by reference to risk indicators such as the cost or number of systems failures, available spare capacity and the number of failed trades.
Tolerance can be quantitative and describe levels of risk impact or number of events, or qualitative by addressing factors that are likely to lead to increased levels of risk (number of unresolved complaints, number of errors, etc). A risk tolerance statement will generally also distinguish between risks for which the firm has no appetite (such as internal theft and fraud or breach of law or regulation) and those that may be accepted within reason (staff error, some degree of inevitable system downtime, etc). Acceptance is likely to reduce rapidly, however, when accepted risks are repeated too often.
Risk tolerance or appetite reflects the degree of uncertainty that a firm or an individual is prepared to accept in order to achieve financial objectives. In investment decisions, a responsible investor will consider the extent of loss that he or she is prepared to accept to obtain a higher rate of return. Financial Services Authority (FSA) regulation states that an insurance firm must include in its risk policy documentation details of the operational risks that the firm is prepared to accept and those that it is not prepared to accept, including where relevant some consideration of its appetite or tolerance for specific operational risks.
The risk tolerance statement serves as a signpost provided by the board of directors to the rest of the organization that indicates the type of organization that the firm aspires to be. It should therefore direct the response that all levels of the firm should produce when confronted by a risk (whether actual or potential) that may exceed risk tolerance levels. As a result, the tolerance statement will be closely entwined with all aspects of the operational risk management process.
Amount and type of risk that an organisation is prepared to seek, accept or tolerate
Definitions
Problems:
Risk is treated in an unduly negative way.
Strategic Risk management should be about
Definitions: Summary
While risk appetite is about the pursuit of risk, risk tolerance is about what you can allow the organisation to deal with.
The difference can be illustrated in the diagrams on the bottom of this page.
Figure 1 shows performance from the current time (t0) to sometime in the future (t1).
The line AB shows the current expected direction of travel in terms of performance.
[Figure 1: Performance plotted against Time from t0 to t1, with line AB.]
risks which, should they materialise, could result in performance along the line AC, or to opportunities (positive risks) which could result in performance along the line AD. The potential risk universe or the total risk exposure is shown by the difference between C and D (see Figure 3).
[Figure: Possible Outcomes. Performance plotted against Time from t0 to t1, starting at point A. Annotation: "Where you might get to if some good things happen".]
Risk Universe
could impact, either positively or negatively, on the ability of the organisation to achieve its long term objectives.
[Figure: Risk Universe. Performance plotted against Time from t0 to t1, with labelled points A and D.]
Risk Tolerance
outside of which the organisation is not prepared to venture in the pursuit of its long term objectives.
[Figure: Risk Tolerance. Performance plotted against Time from t0 to t1, with labelled points A, D and Y.]
Risk Appetite
organisation is willing to seek or accept in the pursuit of its long term objectives.
[Figure: Risk Appetite. Performance plotted against Time from t0 to t1, with labelled points A and D.]
line AD because pursuing it might throw up substantial additional risks. Consequently, there are some risk outcomes for which there is no tolerance, and moreover no tolerance for taking those risks. Since there can be potentially positive as well as negative risks, that suggests that there is a range shown by the triangle AXY, outside of which the organisation will not tolerate exposure. This is the risk tolerance.
It's about identifying what COSO calls the sweet spot.
Definitions
[Figure: Sweet Spot. Zones along the Risk Level axis: Insufficient Risk-Taking, Optimal Risk-Taking (Sweet Spot), Excessive Risk-Taking.]
Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management Integrated Framework, 2004.
On the other hand, our appetite for risk is likely to be shown by a narrower band of performance outcomes shown by the triangle AMN. Risk appetite has at least two components, risk and control, and to consider either in isolation could result in sub-optimal decisions.
absolutes: for example we will not expose more than x% of our capital to losses in a certain line of business, or we will not deal with a certain type of customer.
Risk tolerance statements are lines in the sand beyond which the organisation will not move without prior board approval.
all important part of the risk management system and to ensure that the exercise of risk management and all that entails is consistent with that appetite, which needs to remain within the outer boundaries of the risk tolerance.
Integrating the Risk Tolerance Statement into the Operational Risk Process
The risk tolerance statement serves as a signpost provided by the board of directors to the rest of the organization that indicates the type of organization that the firm aspires to be.
It therefore should direct the response that all levels of the organisation should produce when confronted by a risk (whether actual or potential) that may exceed risk tolerance levels.
The tolerance statement will be closely entwined with