Risk appetite

Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its objectives,^[1] before action is deemed necessary to reduce the risk. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings. This concept helps guide an organization's approach to risk management. Risk appetite factors into an organization's risk criteria, used for risk assessment.^[2]

^
result to be achieved
Note 1: An objective can be strategic, tactical or operational.
Note 2: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
Note 3: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a management system objective, or by the use of other words with similar meaning (e.g. aim, goal, target).

ISO 31073:2022 — Risk management — Vocabulary — objective.
^ "6.3.4 Defining risk criteria". ISO 31000:2018 — Risk management — Guidelines.

[1] 
result to be achieved
Note 1: An objective can be strategic, tactical or operational.
Note 2: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
Note 3: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a management system objective, or by the use of other words with similar meaning (e.g. aim, goal, target).

ISO 31073:2022 — Risk management — Vocabulary — objective.

[2] "6.3.4 Defining risk criteria". ISO 31000:2018 — Risk management — Guidelines.

[1]

[2]