
|
Element
|
Description
|
|
Purpose
|
To establish and confirm the organisation’s risk appetite and tolerance thresholds in the context of operational resilience, ensuring alignment with enterprise strategy, stakeholder expectations, and regulatory requirements.
|
| Objectives |
- Define acceptable levels of disruption to critical business services.
- Align operational resilience risk appetite with the enterprise risk management (ERM) framework.
- Ensure compliance with regulatory expectations.
- Provide clear boundaries for decision-making, resource allocation, and resilience investments.
|
|
Inputs
|
- Enterprise Risk Management (ERM) policies and framework.
- Existing risk appetite statements (strategic, financial, operational).
- Regulatory requirements (e.g., MAS, FCA, PRA, Basel guidelines).
- Business Impact Analysis (BIA) and risk assessments.
- Board and senior management directives.
|
|
Activities
|
- Review Organisational Risk Appetite Framework – Assess current ERM and appetite statements for alignment gaps.
- Define OR-Specific Risk Appetite – Establish risk tolerance thresholds for disruption scenarios (e.g., maximum tolerable outage, financial/reputational impacts).
- Engage Stakeholders – Conduct consultations with board, senior management, and business unit heads.
- Document and validate – Draft resilience-specific risk appetite statements and obtain governance approval.
- Communicate and Integrate – Disseminate confirmed risk appetite and embed into OR planning, testing, and reporting.
|
|
Outputs
|
- Approved Operational Resilience Risk Appetite Statement.
- Defined tolerance thresholds for critical business services.
- Alignment of OR risk appetite with ERM framework.
- Documented governance endorsement and stakeholder buy-in.
|
|
Linkages
|
- Preceding Stages: P1-S1 Establish Governance, P1-S2 Define Critical Business Services, P1-S3 Identify Important Business Services and Dependencies.
- Subsequent Stage: P1-S5 Set Impact Tolerances (builds upon confirmed risk appetite).
- Related OR BoK: Risk Management and Oversight, Scenario Testing.
|
"Plan" Phase of the OR Planning Methodology
| Assess Capability and Maturity |
Analyse Gap |
Develop Strategy and Roadmap |
Confirm Risk Appetite |
Develop and Embed Governance |
|
 |
 |
 |
 |
 |
|
| Operational Resilience Body of Knowledge - Plan |
| BoK 1 S1 |
BoK 2 S2 |
BoK 3 S3 |
BoK 4 S4 |
BoK 5 S5 |
![[OR] [BOK] [1] [P1] [S1] Assess Capability and Maturity](https://no-cache.hubspot.com/cta/default/3893111/9beb95f4-c90f-4369-be31-cec0f72f7fdc.png) |
![[OR] [BOK] [2] [P1] [S2] Analyse Gap](https://no-cache.hubspot.com/cta/default/3893111/e1ec985f-2675-46fc-b948-d2d5d6cdfd6c.png) |
![[OR] [BOK] [3] [P1] [S3] Develop Strategy and Roadmap](https://no-cache.hubspot.com/cta/default/3893111/58346b86-05e5-40fe-a3c6-b3e320994630.png) |
![[OR] [BOK] [4] [P1] [S4] Confirm Risk Appetite](https://no-cache.hubspot.com/cta/default/3893111/94d662d4-794a-4ee5-b0e1-00a7ed0d33e0.png) |
![[OR] [BOK] [5] [P1] [S5] Develop and Embed Governance](https://no-cache.hubspot.com/cta/default/3893111/c7b86964-b492-4053-a2ea-a2ddeae39ecf.png) |
More Information About Blended Learning OR-5000 [BL-OR-5] or OR-300 [BL-OR-3]
Contact our course consultant colleagues to learn more about our blended learning program and the next course schedule. They are the BL-OR-3 Blended Learning OR-300 Operational Resilience Implementer and the BL-OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer.