Risk Tolerance
Full Title or Meme
The amount of risk an entity is willing to take to earn a reward.
Taxonomy
Risk Appetite: the level of uncertainty a company is willing to assume given the corresponding reward associated with the risk. A company with a high risk appetite accepts more uncertainty for a higher reward, while a company with a low risk appetite seeks less uncertainty, for which it accepts a lower return.
Resilience: the ability to recover from an unexpected problem.
Efficiency: the opposite of Resilience.
Complacency: the belief that if you have not been successfully attacked in the last year, you will not be in the coming year either. In other words, risk tolerance will become greater every year that you are not successfully attacked.
Time Frame: the amount of time for which a risk calculation is made. If the probability of a devastating cyber-attack is 1% per month, that works out to 3% per quarter and 12% per year (numbers rounded for simplicity). As can be seen, if an executive needs a good quarterly result to earn a bonus, she has little incentive to spend money to reduce a risk with a low near-term probability.
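The Time Frame effect can be worked through numerically. The following is an added example, not part of the original page: it uses the page's 1% per month figure, while the loss size, the mitigation cost and the mitigated probability are assumed values chosen for illustration.

```python
"""Added example: how the evaluation time frame changes a mitigation decision."""

P_MONTH = 0.01            # from the page: 1% chance of a devastating attack per month
P_MITIGATED = 0.005       # assumption: the control halves the monthly probability
LOSS = 10_000_000         # assumption: cost of one devastating attack
COST = 400_000            # assumption: one-off cost of the control


def prob_at_least_one(p_month: float, months: int) -> float:
    """Exact probability of at least one attack in `months` independent months."""
    return 1.0 - (1.0 - p_month) ** months


def expected_saving(p_month: float, p_mitigated: float,
                    loss: float, months: int) -> float:
    """Expected loss avoided over the horizon by lowering the monthly probability.

    Simplification: at most one devastating loss is counted per horizon.
    """
    before = prob_at_least_one(p_month, months) * loss
    after = prob_at_least_one(p_mitigated, months) * loss
    return before - after


def breakeven_months(p_month: float, p_mitigated: float, loss: float,
                     cost: float, max_months: int = 120):
    """Shortest horizon at which the expected saving covers the control's cost."""
    for months in range(1, max_months + 1):
        if expected_saving(p_month, p_mitigated, loss, months) >= cost:
            return months
    return None  # never pays off within max_months


if __name__ == "__main__":
    for label, months in (("quarter", 3), ("year", 12), ("3 years", 36)):
        p = prob_at_least_one(P_MONTH, months)
        saving = expected_saving(P_MONTH, P_MITIGATED, LOSS, months)
        verdict = "fund" if saving >= COST else "skip"
        print(f"{label:8} P(attack)={p:6.2%}  saving={saving:12,.0f}  -> {verdict}")
    print("break-even horizon (months):",
          breakeven_months(P_MONTH, P_MITIGATED, LOSS, COST))
```

Under these assumptions the control looks like a net cost when judged over one quarter and only pays for itself on a longer horizon, which is the incentive gap the Time Frame entry describes.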
References
Other Material
- The wiki page on Privacy Risk shares some content with this page as privacy risk is becoming a significant factor in Conduct Risk.
- The wiki page on Privacy Tolerance speaks to a particular area where Conduct Risk can help select an appropriate acceptance level for risk.