Operational Resilience Body of Knowledge (OR BoK) Series
BGBann_Playbook_Crisis Management

[OR] [BOK] [4] [P1] [S4] Confirm Risk Appetite

Capability and maturity are models against which an organisation’s operational resilience performance can be measured and improved.

These capability and maturity models describe the essential elements of effective operational resilience processes and work to be executed in the organisation. The rigour and quality of the process used to develop them highly influence the assurance of continuing business services.

This blog [OR-P1-S4] elaborates on the content for Stage 4 of the "PLAN" phase or P1 of the OR Planning Methodology.  

Course Participants: This blog is a pre-reading for the Operational Resilience Expert Implementer course participants.

Certification Application: The "How To" section is designed to assist successful participants in completing their Certification Application Form or CAF.

Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert

New call-to-action

 

 

Element

Description

Purpose

To establish and confirm the organisation’s risk appetite and tolerance thresholds in the context of operational resilience, ensuring alignment with enterprise strategy, stakeholder expectations, and regulatory requirements.

Objectives
  • Define acceptable levels of disruption to critical business services.
  • Align operational resilience risk appetite with the enterprise risk management (ERM) framework.
  • Ensure compliance with regulatory expectations.
  • Provide clear boundaries for decision-making, resource allocation, and resilience investments.

Inputs

  • Enterprise Risk Management (ERM) policies and framework.
  • Existing risk appetite statements (strategic, financial, operational).
  • Regulatory requirements (e.g., MAS, FCA, PRA, Basel guidelines).
  • Business Impact Analysis (BIA) and risk assessments.
  • Board and senior management directives.

Activities

  • Review Organisational Risk Appetite Framework – Assess current ERM and appetite statements for alignment gaps.
  • Define OR-Specific Risk Appetite – Establish risk tolerance thresholds for disruption scenarios (e.g., maximum tolerable outage, financial/reputational impacts).
  • Engage Stakeholders – Conduct consultations with board, senior management, and business unit heads.
  • Document and validate – Draft resilience-specific risk appetite statements and obtain governance approval.
  • Communicate and Integrate – Disseminate confirmed risk appetite and embed into OR planning, testing, and reporting.

Outputs

  • Approved Operational Resilience Risk Appetite Statement.
  • Defined tolerance thresholds for critical business services.
  • Alignment of OR risk appetite with ERM framework.
  • Documented governance endorsement and stakeholder buy-in.

Linkages

  • Preceding Stages: P1-S1 Establish Governance, P1-S2 Define Critical Business Services, P1-S3 Identify Important Business Services and Dependencies.
  • Subsequent Stage: P1-S5 Set Impact Tolerances (builds upon confirmed risk appetite).
  • Related OR BoK: Risk Management and Oversight, Scenario Testing.
 
"Plan" Phase of the OR Planning Methodology

 

Assess Capability and Maturity Analyse Gap Develop Strategy and Roadmap Confirm Risk Appetite Develop and Embed Governance  
OR PM Plan Assess Capability and Maturity OR PM Plan Analyse Gap New call-to-action New call-to-action OR PM Develop and Embed Governance  

 

More Information About Blended Learning OR-5000 [BL-OR-5] or OR-300 [BL-OR-3]

Contact our course consultant colleagues to learn more about our blended learning program and the next course schedule.  They are the BL-OR-3 Blended Learning OR-300 Operational Resilience Implementer and the BL-OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer.

BL-OR-3 Register Now BL-OR-3_Tell Me More BL-OR-3_View Schedule
BL-OR-5_Register Now BL-OR-5_Tell Me More  [BL-OR] [3-4-5] View Schedule
[BL-OR] [3] FAQ OR-300

If you have any questions, click to contact us.Email to Sales Team [BCM Institute]

FAQ BL-OR-5 OR-5000
New call-to-action

New call-to-action

New call-to-action

Comments:

 

More Posts

New Call-to-action