Risk Appetite: A Key Board Responsibility Under SORMIC 2025
One area that receives significantly greater attention in the SORMIC Guide 2025 is risk appetite.
The Guide defines risk appetite as the level of risk a company is willing to accept in pursuing its objectives and creating value. Importantly, the Guide emphasises that risk appetite is not static — it must evolve alongside the company’s strategy, business environment, and risk profile.
Under the new Guide, Boards are expected to play a far more active role in defining, reviewing, and operationalising risk appetite across the organisation.
This includes:
- clearly determining the types and levels of risk the company is willing — and not willing — to accept;
- ensuring risk appetite aligns with the company’s strategy, objectives, and capacity;
- embedding risk appetite into decision-making, performance management, and control processes;
- monitoring whether actual risk exposures remain within approved tolerances;
- considering external stakeholder expectations when shaping risk appetite;
- reviewing whether management actions and business strategies remain aligned with the approved risk appetite; and
- reassessing risk appetite periodically in response to changes in the business and external environment.
The Guide also expects Boards to ensure that risk appetite is supported by measurable indicators, communicated clearly throughout the organisation, and reflected in operational and strategic activities.
In practice, this means Boards should no longer treat risk appetite as a high-level statement prepared solely for governance documentation purposes. Instead, it should become a practical management tool that guides strategic decisions, investment priorities, business expansion, operational limits, and responses to emerging risks.
Boards may therefore benefit from asking several important questions:
- Does the organisation clearly understand its acceptable levels of risk?
- Are risk appetite thresholds measurable and monitored?
- Are business decisions being made consistently within those boundaries?
- Is the organisation prepared for emerging risks such as AI disruption, cyber threats, climate-related exposures, and regulatory change?
- Is there sufficient reporting to allow the Board to monitor changing risk exposures effectively?
By strengthening risk appetite governance, Boards can improve strategic alignment, decision-making discipline, and organisational resilience — while also demonstrating stronger oversight under the SORMIC framework.
IA Essential helps the Board of a listed company establish a decision-useful Risk Appetite Framework that is consistent with the expectations of the 2025 SORMIC Guide and supports the Board and Management in:
- Articulating clear and coherent risk appetite boundaries across key risk categories;
- Aligning risk appetite with strategy, capital strength, operational resilience and governance maturity;
- Incorporating relevant stakeholder perspectives into the risk appetite deliberation process; and
- Establishing a practical framework that can be cascaded, monitored and reviewed as part of the Group’s ongoing risk governance processes.