Secure Controls Framework

What is risk appetite and risk tolerance?

Direct Answer

The terms “risk appetite” and “risk tolerance” are foundational concepts in risk management, helping organizations define how much risk they’re willing to accept:

  • Risk Appetite:
      • The “degree of uncertainty an organization or individual is willing to accept in anticipation of a reward.”
      • A strategic-level statement expressing the broad amount of risk an organization is willing to take in pursuit of its objectives.
      • Set by executives or the board and reflects organizational culture.
  • Risk Tolerance:
      • The “specified range of acceptable results.”
      • More detailed and operational, it defines specific acceptable levels around that appetite.
      • Quantifies the range of risk (e.g., “we will accept X% financial exposure”) and guides day-to-day decisions. If risk rises above tolerance, action is taken.
  • Risk Thresholds:
      • The “level of risk exposure above which risks are addressed and below which risks may be accepted.”
      • Often used interchangeably with tolerance, thresholds define exact numeric or qualitative cutoffs that trigger controls or escalation.

ComplianceForge’s cybersecurity risk management guide shows how appetite flows down from strategic goals to operational activities and tactical controls, ensuring coherence across planning levels.