There is considerable confusion in the risk world in relation to terms such as risk appetite, risk tolerance, risk acceptance, risk threshold and risk attitude. These are defined differently by organisations and there is no guidance in ISO 31000 that clarifies this, so the confusion becomes a distraction.
No matter what it is called, all organisations need to specify the parameters within which they are going to manage their risks. In order to do this there are a number of fundamental questions that you need answered.