Risk Appetite , Risk Tolerance , Risk Threshold
Risk Appetite, Risk Tolerance and Risk Threshold are different kinds of risk levels and they refer to different concepts within the project risk management. These terms are mentioned in the project risk management plan as the factors that determine the risk attitude. Although they both reflect the organizations or stakeholder attitude towards risk, they are different concepts. In this article, we will discuss Risk Appetite, Risk Tolerance and Risk Threshold terms and their differences with the help of examples.
Definition of Risk
Risk is an unforeseen event or condition that has positive or negative impacts on the project’s objectives in case of its occurrence. It may affect one or more than one project’s scope, schedule, cost, and quality.
According to this definition, risk can be an opportunity or a threat to your project’s success. Risk management seeks to increase the probability and impact of positive risks and decrease the probability and impact of negative risks.
The strategy to manage risks changes depending on the circumstances and the behavior of the organization towards risks.
In some cases, organizations accept the risks and sometimes avoid. This depends on the risk attitude of the organization.
According to PMBOK® Guide Risk Appetite is the degree of uncertainty an organization or individual is willing to accept on in anticipation of a reward. In other words, Risk Appetite is the amount of risk that an organization is prepared to pursue.
Organizations take risks in order to meet their strategic objectives. Risk Appetite is the amount of risk that an organization is willing to take risks in order to innovate in pursuit of objectives.
Some organizations are willing to take high risks, therefore, their Risk Appetite is high. Others are willing to take low risks, therefore, their Risk Appetite is low.
Risk appetite can vary based on factors such as ;
- Company Culture
- Organizational Objectives
- Financial Strength of the Organization
According to PMBOK® Guide, Risk Tolerance is “Risk tolerance is the specified range of acceptable results.”
Risk tolerance indicates the sensitivity of an organization to risks. Critical projects force organizations to take more risks than uncritical projects.
Example for Risk Tolerance
Let’s assume that you are a sales manager of a real estate project. In order to speed up sales, you proposed to your top management to make discounts. The sales price of a housing unit is 50,000 USD and the profit rate is %10. Your top management does not allow you to make a discount for more than 7 % of 50,000 USD. This %7 is your organization’ s tolerance limit in order to gain %3 profit.
Another example is that your organization will participate in a tender. According to your calculations, the total project cost will be around 500,000 USD. You decided not to bid for more than 15% of the total project cost. This 15% is your organization’s tolerance limit.
According to PMBOK® Guide, Risk Threshold is “The level of risk exposure above which risks are addressed and below which risks may be accepted.”
A threshold level is a level beyond which an organization doesn’t want to tolerate the risk. The organization will not tolerate the risk above the threshold. Risk threshold is a quantified limit beyond which your organization cannot pass.
Example for Risk Threshold
Let’s assume that you are a sales manager of a real estate project. In order to speed up sales, you proposed to your top management to make discounts. The sales price of a housing unit is 50,000 USD and the profit rate is %10. Your company has a policy that a discount rate which is more than a profit rate can not be acceptable. Therefore your organization’s threshold for this project is 5,000 USD.
Another example is that your organization will participate in a tender. According to your calculations, the total project cost will be around 500,000 USD. You assembled a meeting with your top management and they told you that they cannot allow you to go beyond 80,000 USD, apart from the 500,000 USD.
Your organization’s risk threshold for this project is 80,000 USD.
Risk Appetite vs Risk Tolerance vs Risk Threshold
• Risk appetite is the amount of risk that an organization is willing to take in order to meet its strategic goals. It shows the organization’s hunger to take risks depending on the reward. In practice, it is not possible to quantify the hunger. Therefore you can grade the Risk appetite of an organization from low to high.
• Risk tolerance is the willingness of an organization to accept or avoid risk. It can be described as an acceptable variance percentage.
• Risk threshold the amount beyond which an organization does not want to tolerate the risk. It can be described as an acceptable value (or a quantified limit).
In this article, we discussed the important risk management terms. Risk appetite, tolerance, and threshold concepts are used in the risk management plan to reflect the stakeholder’s attitude towards risk. However, they refer to varying degrees of risk that stakeholders are willing to accept. If you don’t understand the differences between them, you will not create an effective risk management plan. Note that these are very important concepts from the PMP Certification Exam point of view. You may see some questions related to them.
If you want to share something related to the topic, you can do so through the comments section below.