What is the difference between Risk Tolerance vs Risk Appetite in risk management?
the_cyberguy Answered question 21/11/2022
Risk appetite is the amount of risk a business is willing to undertake in a controlled manner. Whereas risk tolerance is the amount of deviation from the established risk appetite that the organization considers acceptable.
In formal risk management programs, the following statement holds true
Risk Appetite + Risk Tolerance <= Risk Capacity, where risk capacity is the is the amount of risk that an organization can absorb without ceasing to function.
the_cyberguy Changed status to publish 21/11/2022