Risk Appetite: Definition, Statement Examples & How to Set It
Governance Glossary | Published: June 6, 2024 | Last Reviewed: March 16, 2026
Key Takeaways
- Risk appetite is the amount of risk an organisation is willing to accept to achieve its objectives.
- A risk appetite statement documents the board's attitude to risk across categories like financial, operational, and reputational.
- Risk appetite differs from risk tolerance — appetite is the broad willingness; tolerance is the specific limit for each risk.
- The board is responsible for setting the organisation's risk culture and ensuring it aligns with the risk appetite.
- Risk appetite should be reviewed annually and adjusted when the organisation's circumstances change.
Every risk has potential downsides and upsides. Understanding risk appetite — how much risk your organisation is willing to accept — shapes resource allocation, messaging, and the decisions your board makes day to day.
No two organisations have the same appetite. Structure, the nature of the work, and financial position all play a role. A small community club will approach risk differently from a large superannuation fund, and both will approach it differently from a technology startup.
What is risk appetite?
According to Australia’s Department of Finance, risk appetite is “the amount of risk that an entity is willing to accept or retain in order to achieve its objectives.” When compared to actual exposure to risks, risk appetite information can assist in the evaluation process and help determine if people are taking the appropriate amount of risk and balancing opportunities and threats.
The perception of risk can vary among different individuals within an organisation, based on their experiences, knowledge, and attitudes. It is important for board members to understand and articulate the organisation’s risk appetite to increase its risk management capacity. Setting benchmarks can be helpful for measuring and tracking success and is critical to developing a clear and realistic risk appetite. For example, a risk statement about cybersecurity might read: “We have a low appetite for cybersecurity incidents and will not accept more than two incidents per year with a combined financial impact exceeding $200K.”
Why does risk appetite matter?
How much risk a board is willing to accept directly affects what the organisation can do. A defined risk appetite gives directors and staff clear guidelines on when to act, when to hold back, and when to push forward. Without one, every risk discussion starts from scratch.
A well-defined appetite also helps boards distinguish between risks worth taking — the kind that drive growth and innovation — and risks that threaten the mission. It sets severity levels for each risk category and gives the board a framework for consistent decision-making rather than ad hoc judgements.
For example, a community housing provider without a documented risk appetite might approve a property development that exceeds its financial capacity, exposing the organisation to insolvency risk. A clear appetite statement would have flagged that decision before it reached the board table.
Risk appetite statement
A risk appetite statement describes both the risk appetite and risk tolerance of an organisation. It works alongside the organisation’s risk register and risk matrix to give the board a complete picture of risk exposure. While the format can vary depending on each company, the typical statement consists of:
- A clear statement of endorsement from the senior executive, reinforcing the importance of informed risk taking.
- A definition of what the risk appetite is and how it can be used.
- The overall attitude toward risk taking within the organisation.
- A statement for each of the risk categories identified, describing the level of tolerance for each risk.
- The limitations in exercising risk tolerance.
The risk appetite statement sits within the risk management framework and is tailored to each organisation’s internal and external context. An example of a risk statement related to financial misconduct might be: “We have a very low appetite for internal fraud, and fraud control requirements are in place to manage and reduce financial risk even if there is a negative cost-benefit.”
Risk appetite and culture
The board is responsible for setting the organisation’s risk culture and integrating a risk appetite statement into the risk framework. A poor risk culture can lead to excessive risk-taking beyond the company’s risk appetite and problems such as the underreporting of risks, a lack of transparency, chronic non-compliance, and other issues that threaten the mission. Effective risk governance considers external and internal factors when defining risk appetite. The board is responsible for confirming the risk appetite statement aligns with management’s risk decisions and for setting the tone and making expectations about risk clear.
Monitoring risk appetite
There are six steps to monitoring risk appetite:
- Identify key objectives and confirm the risk appetite statement aligns with them.
- Define appetite by category — strategic, financial, operational, compliance, cyber, climate, and reputational — and assign a risk level (high, moderate, low) with a description of tolerance for each.
- Describe the preferred risk profile (conservative, balanced, or aggressive) and establish the risk culture based on these characteristics.
- Set measurable risk limits and identify who will monitor exposure, enforce limits, and escalate breaches.
- Establish a reporting cycle for monitoring risks and reviewing the risk appetite.
- Communicate the statement to staff, develop supporting policies and controls, and review the statement annually.
Risk appetite statement examples
Getting started writing your own risk appetite statement can be a challenge. Below are three examples to help you get started.
Example 1: Small Not-For-Profit Club
Risk appetite statement
Endorsement
As the President of the Small Not-For-Profit Club, I endorse this Risk Appetite Statement. It is crucial for our club to make informed decisions that align with our mission and values while managing risks responsibly.
Definition and Use
Our risk appetite defines the level of risk we are willing to accept to achieve our objectives. It guides our decision-making process and ensures that we are prepared to handle uncertainties that may arise.
Overall Attitude
Our club adopts a cautious approach to risk-taking. While we recognise the need to take certain risks to fulfill our mission, we prioritise safeguarding our financial stability, reputation, and the well-being of our members.
Risk Categories and Tolerance
- Financial Risk: We have a low appetite for financial risk. We aim to maintain a balanced budget and ensure all expenditures are justifiable and within our financial means.
- Operational Risk: We have a moderate appetite for operational risk. We encourage innovative activities and events that align with our mission, provided they do not jeopardize the club’s core operations.
- Reputational Risk: We have a very low appetite for reputational risk. Maintaining a positive public image and trust with our stakeholders is paramount.
- Compliance Risk: We have zero tolerance for non-compliance with legal and regulatory requirements. All activities must adhere strictly to applicable laws and regulations.
Limitations
In exercising risk tolerance, any decision that could potentially harm our members, violate laws, or significantly impact our financial health will not be considered. Risk assessments must be conducted for all major initiatives.
Example 2: Large Superannuation Fund
Risk appetite statement
Endorsement
As the Board of the Large Superannuation Fund, we fully support this Risk Appetite Statement. Our commitment to informed risk-taking is essential for safeguarding our members’ retirement savings and achieving sustainable growth.
Definition and Use
Our risk appetite defines the extent of risk we are willing to accept in our investment and operational activities to meet our objectives. It serves as a framework for strategic planning and decision-making.
Overall Attitude
We adopt a balanced approach to risk-taking. While aiming for competitive returns, we prioritise protecting our members’ assets and ensuring long-term sustainability.
Risk Categories and Tolerance
Investment Risk: We have a moderate appetite for investment risk. Our diversified portfolio strategy aims to optimise returns while mitigating undue exposure to market volatility.
Operational Risk: We have a low appetite for operational risk. Robust internal controls and procedures are in place to ensure efficient and secure operations.
Liquidity Risk: We have a low appetite for liquidity risk. We maintain sufficient liquidity to meet member withdrawals and other obligations without compromising our investment strategy.
Compliance Risk: We have zero tolerance for non-compliance. Adhering to regulatory requirements and industry standards is non-negotiable.
Reputational Risk: We have a very low appetite for reputational risk. Upholding our reputation for integrity and trustworthiness is critical.
Limitations
Decisions that could significantly jeopardise our members’ savings, breach regulatory requirements, or damage our reputation are strictly prohibited. Comprehensive risk assessments are mandatory for all high-impact activities.
Example 3: Medium-Sized Technology Firm
Risk appetite statement
Endorsement
As the CEO of the Medium-Sized Technology Firm, I endorse this Risk Appetite Statement. Informed risk-taking is essential to drive innovation and growth while ensuring stability and compliance.
Definition and Use
Our risk appetite outlines the level of risk we are willing to accept to achieve our strategic goals. It guides our approach to innovation, investment, and operational management.
Overall Attitude
We are open to taking calculated risks, particularly in areas that drive innovation and competitive advantage, while maintaining strong controls to manage potential downsides.
Risk Categories and Tolerance
Innovation Risk: We have a high appetite for innovation risk. We encourage experimentation and investment in new technologies and solutions, accepting that some initiatives may not succeed.
Operational Risk: We have a moderate appetite for operational risk. While we strive for efficiency and reliability, we are willing to accept some risk in pursuing operational improvements.
Financial Risk: We have a low appetite for financial risk. We maintain a prudent financial strategy, ensuring stability and sustainable growth.
Compliance Risk: We have zero tolerance for non-compliance. Compliance with all relevant laws and regulations is mandatory.
Reputational Risk: We have a low appetite for reputational risk. Protecting our brand and maintaining stakeholder trust is critical.
Limitations
Risk tolerance is limited by our commitment to legal compliance, financial prudence, and reputational integrity. All significant projects must undergo thorough risk assessments to ensure alignment with our risk appetite.
Frequently Asked Questions
What are the 5 levels of risk appetite?
- Averse: Avoidance of risk and uncertainty. This level involves making decisions and taking actions that eliminate or significantly reduce exposure to risk. Typically chosen by organisations prioritising stability and predictability over potential rewards.
- Minimalist: Preference for very low-risk options with little potential for reward. Organisations with a minimalist risk appetite prefer safe, secure choices and only take on risks that are absolutely necessary.
- Cautious: Preference for safe, low-risk options with a low degree of uncertainty. Such organisations are open to taking on some risk but only if it is well understood and managed.
- Open: Willing to consider all options, with moderate risk and reward. These organisations balance potential benefits and risks, and are willing to engage in opportunities with a measured approach to risk management.
- Hungry: Eager to pursue high-risk options with high potential rewards. Entities with a hungry risk appetite are aggressively looking for opportunities that could yield significant returns, even if they come with substantial risks.
What is an example of risk appetite and risk tolerance?
Risk Appetite: A technology startup may decide it is willing to invest up to 30% of its capital in experimental projects with high growth potential, demonstrating a high risk appetite by actively seeking opportunities that could lead to significant breakthroughs.
Risk Tolerance: The same startup might set a risk tolerance limit of no more than 10% loss in any single project. This means while they are willing to take significant risks, they have clear boundaries to manage potential losses and ensure overall financial stability.
What is another word for risk appetite?
Risk appetite, also known as risk preference, refers to an individual's or organisation's willingness to take on risks in pursuit of their objectives. This concept considers the balance between potential rewards and negative consequences, as well as the available resources to manage those risks. Risk appetite is closely related to other terms such as risk inclination and risk propensity, which describe the overall tendency to either embrace or avoid risk when making decisions.
Other terms that might be used include risk capacity, risk attitude, risk propensity, risk preference, and risk perception. Although some sources use these terms interchangeably, others distinguish between them within more comprehensive risk appetite frameworks, assigning specific meanings to each term to create a more nuanced understanding of how individuals and organisations approach risk.
Is high risk appetite good or bad?
Whether a high risk appetite is good or bad depends on the context and the entity's capacity to manage risk. For innovative industries or startups, a high risk appetite can drive significant growth and lead to pioneering advancements. However, for more established companies or conservative sectors, it might lead to instability and potential losses if not properly managed. The key is ensuring that the level of risk taken aligns with the organisation's overall strategy, capabilities, and market conditions.
Is there a course to learn how to set risk appetite?
The Practical Risk for Company Directors Course by Better Boards focuses on effective risk oversight from the boardroom perspective. It’s designed to equip directors with practical skills to manage organisational risk confidently.
Course Highlights:
- Risk Essentials & Board-Level Assessment: Learn to evaluate and monitor risks tailored to board oversight.
- Leveraging Risks: Discover strategies to turn risks into opportunities.
- Risk Reporting & Culture: Master risk reporting techniques and foster a proactive risk culture.
You’ll gain tools to differentiate between risk appetite and tolerance, improve decision-making, and prepare for future risks. Join via BoardWise for a comprehensive toolkit in governance excellence.
How do you develop risk appetite?
- Assess Current Position: Understand the current risk profile and capabilities of the organisation. Conduct a thorough analysis of existing risks, controls, and risk management practices to establish a baseline.
- Stakeholder Engagement: Involve key stakeholders, including executives, board members, and employees, to align on risk objectives and boundaries. Ensure everyone understands the importance of risk management and their role in it.
- Define Objectives: Clearly articulate business goals and the level of risk required to achieve them. Establish specific, measurable, achievable, relevant, and time-bound (SMART) objectives that guide risk-taking behavior.
- Develop Frameworks: Establish policies and frameworks to manage and monitor risk. This includes setting risk limits, creating risk assessment processes, and defining roles and responsibilities for risk management.
- Continuous Review: Regularly review and adjust risk appetite in response to changing conditions and performance outcomes. Implement a feedback loop to monitor the effectiveness of risk management practices and make necessary adjustments to maintain alignment with strategic objectives.
Author
Better Boards connects the leaders of Australasian non-profit organisations to the knowledge and networks necessary to grow and develop their leadership skills and build a strong governance framework for their organisation.