Risk Appetite for NHS Organisations: A Matrix to support better risk sensitivity in decision taking
Risk appetite is ‘The amount of risk that an organisation is prepared to accept, tolerate, or be exposed to at any point in time’ (HMT Orange Book definition 2004). We need to know about risk appetite because:
- If we do not know what our organisation’s collective appetite for risk is and the reasons for it, then this may lead to erratic or inopportune risk taking, exposing the organisation to a risk it cannot tolerate; or an overly cautious approach which may stifle growth and development;
- If our leaders do not know the levels of risk that are legitimate for them to take, or do not take important opportunities when they arise, then service improvements may be compromised and patient and user outcomes affected.
GGI believes it helps to identify different vectors of risk appetite (money, policy, outcomes and reputation) but always to assess these in the round. To support this, we have developed a Risk Appetite Maturity Matrix for NHS organisations to support better risk sensitivity in decision-making.
The GGI Matrix sets five levels of risk appetite for each of the risk vectors (money, policy, outcomes and reputation). There are no right answers, but the matrix allows board members to articulate their appetite and tolerances and arrive at a corporate view, taking into account the risk appetite of others and the capacity for management to communicate and deliver. Boards should consider each strategic objective against the matrix and agree its level of risk appetite, what it can delegate, and what additional assurance it requires. The matrix can also be used for individual initiatives and emerging problems and should help the board to better manage its agenda and the level of routine reporting required.