Call Us: US - +1 845 478 5244 | UK - +44 20 7193 7850 | AUS - +61 2 8005 4826

Organizational Risk Parameters of Risk Tolerance, Risk Appetite, and Risk Limits

This International Standard provides principles and generic guidelines on risk management.This International Standard can be used by any public, private or community enterprise, association, group or individual. Therefore, this International Standard is not specific to any industry or sector.

NOTE For convenience, all the different users of this International Standard are referred to by the general term “organization”.This International Standard can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.This International Standard can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.Although this International Standard provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.It is intended that this International Standard be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.This International Standard is not intended for the purpose of certification.

2   Terms and definitions

For the purposes of this document, the following terms and definitions apply.2.1riskeffect of uncertainty on objectivesNote 1 to entry: An effect is a deviation from the expected — positive and/or negative.Note 2 to entry: Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).Note 3 to entry: Risk is often characterized by reference to potential events (2.17) and consequences (2.18), or a combination of these.Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (2.19) of occurrence.Note 5 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of an event, its consequence.