GV.RM-02:
Risk appetite and risk tolerance statements are established, communicated, and maintained
Implementation Examples
Ex1:
Determine and communicate risk appetite statements that convey expectations about the appropriate level of risk for the organization
Ex2:
Translate risk appetite statements into specific, measurable, and broadly understandable risk tolerance statements
Ex3:
Refine organizational objectives and risk appetite periodically based on known risk exposure and residual risk