Understanding corporate risk has shot to the top of the agenda for ESG-focussed investors in recent months. Under the newly expanded Section C of The UK Corporate Governance Code, boards are explicitly tasked with being responsible for “determining the nature and extent of the significant risks [the board] is willing to take in achieving its strategic objectives”.

To mark its 25th anniversay, The Institute of Risk Management has responded with new guidance on risk appetite which, although aimed primarily at the corporate audience, should prove helpful to ESG executives seeking to better understand their investee companies' approach to risk appetite in pursuing their strategies.

IRM identifies two key principles which have been central to their work on risk appetite:

1. Risk appetite can be complex. Excessive simplicity, while superficially attractive, leads to dangerous waters: far better to acknowledge the complexity and deal with it, rather than ignoring it. 
2. Risk appetite needs to be measurable. Otherwise there is a risk that any statements become empty and vacuous.

Directors should understand how their performance drivers are impacted by risk. Shareholder value may be an appropriate starting point for some organisations; stakeholder value or ‘Economic Value Added’ may be appropriate for others. IRM anticaptes more use of key risk and control metrics which should be readily available inside or from outside the organisation. Relevant and accurate data is vital for this process and so directors are urged to ensure that there is the same level of data governance over risk disclosures as there would be over accounting data.

Click Here to access the report in full.