Governance and the entire risk process should take an enterprise risk management perspective to ensure that the value of the entire enterprise is maximized. For example, a corporate pension fund manager should consider not only the pension assets and liabilities but also the parent corporation's business risk profile. In other words, the focus should be on the organization as a whole.
Useful approaches to ensuring a strong risk governance framework:
Risk tolerance, a key element of good risk governance, establishes an organization's risk appetite.
Ascertaining risk tolerance starts from an inside view and an outside view. What shortfalls within an organization would cause the organization to fail to achieve some critical goals? What are the organization's risk drivers? Which risks are acceptable and which are unacceptable? How much risk can the overall organization be exposed to?
Risk tolerance is then formally chosen using a top-level analysis. The organization's goals, expertise in certain areas, and strategies should be considered when determining its risk tolerance. This process should be completed and communicated before a crisis.
While risk tolerance determines which risks are acceptable, risk budgeting decides how to take risks. It is a means of implementing risk tolerance at a strategic level.
Risk budgeting is any means of allocating investments or assets based on their risk characteristics. Single or multiple dimensions of risk can be used. Common single-dimension risk measures are standard deviation, beta, value at risk, and scenario loss. The risk budgeting process forces the firm to consider risk trade-offs. As a result, the firm should choose to invest where the return per unit of risk is the highest.
Some risk budgeting practices: