Tip of the Month: Quantifying Risk Appetite

Tip of the Month – Quantifying Risk Appetite
Did you know?
You can quantify your organisation’s risk exposure for each unit including the aggregated risk exposure for sub-units. You can specify risk appetite thresholds which are based on your inherent and residual impact values, and view your organisation’s risk exposure in the Unit Exposure register.
To set unit risk appetite thresholds:
1.  In the Unit Capture/Edit form, click the Appetite tab on the right side of the screen.

Specify a threshold start value corresponding to the unit quantitative values for each threshold colour. You can change the colours by clicking the colour block and selecting a new colour. You can also add a new threshold by clicking the Add Threshold button. The total value of all aggregated risk values from the selected unit and the units below are compared against these threshold values in the ‘Unit Exposure Register’ view (see below).
Set up unit Risk Impact values by typing a value next to each interval. These are the default values that will be pulled through when rating a risk if specified if the ‘Use default unit values’ is ticked in the Risk Edit / Capture screen.
In the Risk Capture / Edit screen, you can specify quantitative values (both inherent and residual) corresponding to the thresholds and impact values you specified in the Unit.

You can set the impact value for inherent and residual quantitative ratings by typing in a value in the “Impact Value” field. You can also select the “Use default unit values” checkbox to automatically pull through the default the impact values that were setup in the unit as per step 1 above.
The Impact field in both Pre-control rating and Post-control rating can be automatically calculated based on the Inherent Quantitative and Residual Quantitative values. This setting is specified in the Server Management Console by the System Administrator. If this option is enabled, the values specified in the Inherent Qualitative and Residual Qualitative tabs are converted to a Qualitative Impact value based on the Impact Values specified in the Unit weighting screen.
You can view and monitor unit risk exposure using the Unit Exposure register.
To do this:

  1. In the Organisational Structure tree, select the organisation node. In this example, the organisation’s name is “ABC Corporation”.
  2. From the View menu, select Unit Exposure Register.


The Unit Exposure register is displayed. This diagram shows the company (ABC Corporation) and its units.

This register has been filtered to display only Inclusive Residual Exposure for each unit. By default, the following fields are displayed:

  • Unit Type – the type of unit – for example, strategic or business
  • Inclusive Residual Exposure – this value is the sum of ‘Residual Risk Exposure’ of all risks for the current unit and all child units.
  • Exclusive Residual Risk Exposure – this value is the sum of ‘Residual Risk Exposure’ of all risks for the current unit only.
  • Inclusive Inherent Exposure – – this value is the sum of ‘Inherent Risk Exposure’ of all risks for the current unit and all child units.
  • Exclusive Inherent Exposure – this value is the sum of ‘Inherent Risk Exposure’ of all risks for the current unit only.

In this example, we can see that Johannesburg has a high residual risk exposure and exceeded its threshold and is coloured red. To view the breakdown of risk exposure in the Johannesburg unit, select the Johannesburg unit in the Organisational structure tree.

The register displays the aggregated quantitative values of each of the child units below the Johannesburg unit. In this example, the Finance child unit has exceeded its threshold and is coloured red. To see the detailed risks making up the aggregated residual exposure value for ‘Finance’, click View>Risks> Risk Register (use the ‘field chooser’ to include the relevant qualitative fields and perhaps save it as a ‘favourite view’)
You can view the quantitative risk ratings of each risk (IE = Inherent Exposure and RE = Residual Exposure).
In this example, the RE total of all risks = R560,000 which exceeds the appetite threshold set on the ‘Finance’ unit.

arrow up