Risk Appetite vs Risk Tolerance vs Risk Threshold
Risk Appetite vs Risk Tolerance vs Risk Threshold is one of the most popular articles on projectcubicle.com. Risk Appetite is a tendency towards risks, Risk Tolerance is an acceptable variance, and Risk Threshold is a quantified limit beyond which you will not accept the risk. These terms are mentioned in the project risk management plan as the factors that determine the risk attitude. Although they both reflect the organization’s or stakeholder’s attitude towards risk, they refer to different concepts. In this article, we will give the definition of Risk Appetite, Risk Tolerance, and Risk Threshold terms and discuss their differences by using examples.
Definition of Risk
A risk can be defined as an unforeseen event or condition that has positive or negative impacts on the project’s objectives in case of its occurrence. It may affect one or more than one of the following elements; the project’s scope, schedule, cost, and quality.
According to this definition, risk can be an opportunity or a threat to your project’s success. Thus, risk management seeks to increase the probability and impact of positive risks and decrease the probability and impact of negative risks.
The strategy to manage risks changes depending on the circumstances and the behavior of the organization towards risks.
In some cases, organizations accept the risks and sometimes avoid them. This depends on the risk attitude of the organization.
According to the PMBOK® Guide, Risk Appetite is the degree of uncertainty an organization or individual is willing to accept in anticipation of a reward. In other words, Risk Appetite is the amount of risk that an organization is prepared to pursue.
Organizations take risks in order to grow and meet their strategic objectives. Risk Appetite is the amount of risk that an organization is willing to take in order to innovate in pursuit of its objectives.
Some organizations are willing to take high risks, therefore, their Risk Appetite is high. Others are willing to take low risks, therefore, their Risk Appetite is low.
Risk appetite can vary based on factors such as ;
- Company Culture
- Organizational Objectives
- Financial Strength of the Organization
According to PMBOK® Guide, “Risk tolerance is the specified range of acceptable results.”
Risk tolerance indicates the sensitivity of an organization to risks. Critical projects force organizations to take more risks than uncritical projects.
Example for Risk Tolerance
Let’s assume that you are a sales manager of a real estate project. In order to speed up sales, you proposed to your top management making discounts. The sales price of a housing unit is 50,000 USD and the profit rate is %10. Your top management does not allow you to make a discount for more than 7 % of 50,000 USD. This %7 is your organization’s tolerance limit in order to gain %3 profit.
Another example is that your organization decided to participate in a tender. According to your calculations, the total project cost will be around 500,000 USD. You decided not to bid for more than 15% of the total project cost. This 15% is your organization’s tolerance limit.
According to PMBOK® Guide, Risk Threshold is “The level of risk exposure above which risks are addressed and below which risks may be accepted.”
A threshold level is a level beyond which an organization doesn’t want to tolerate the risk. In other words, the organization will not tolerate the risk above the threshold. It is a quantified limit beyond which your organization cannot pass.
Example for Risk Threshold
For the same example above, in order to speed up sales, you proposed to your top management to make discounts. The sales price of a housing unit is 50,000 USD and the profit rate is %10. Your company has a policy that a discount rate that is more than a profit rate can not be acceptable. Therefore your organization’s threshold for this project is 5,000 USD.
For the second example, your organization will participate in a tender. According to your calculations, the total project cost will be around 500,000 USD. You assembled a meeting with your top management and they told you that they cannot allow you to go beyond 80,000 USD, apart from the 500,000 USD.
Your organization’s risk threshold for this project is 80,000 USD.
Risk Appetite vs Risk Tolerance vs Risk Threshold
• Risk appetite is the amount of risk that an organization is willing to take in order to meet its strategic goals. It shows the organization’s hunger to take risks depending on the reward. In practice, it is not possible to quantify hunger. Therefore you can grade the Risk appetite of an organization from low to high.
• Risk tolerance is the willingness of an organization to accept or avoid risk. It can be described as an acceptable variance percentage.
• Risk threshold the amount beyond which an organization does not want to tolerate the risk. It can be described as an acceptable value (or a quantified limit).
In this article, we discussed the important risk management terms. Risk appetite, tolerance, and threshold concepts are used in the risk management plan to reflect the stakeholder’s attitude towards risk. However, they refer to varying degrees of risk that stakeholders are willing to accept.
If you don’t understand the differences between them, you will not create an effective risk management plan. Note that these are very important concepts from the PMP Certification Exam point of view. You may see some questions related to them.
If you want to share something related to the topic, you can do so through the comments section below.
How much risk is too much risk?
Francois Simosa is the head of training for the Gragados Training Associates, which provides special project management and risk management training programs.
Thank you for this article and great video.
However, my question is about the Risk Threshold and Tolerance.
Taking the USD 500,000 example the tolerance is 15%, thus; the Threshold would be (500,000 x 15% = 75,000) ?