Discover whether your risk appetite is in sync with your organization's acceptable level of risk. Define the likelihood of an incident and its impact on your organization, then select your response.

Here's how it works: An incident is assigned a risk score by multiplying the impact and likelihood scores. Ranges of risk scores are then associated with different levels of management attention. This is a hypothetical example. Organizations develop personalized risk scoring criteria and escalation activities based on the elements and performance measures required to meet key stakeholder demands.



How many systems would the incident impact?

How many customers would the incident impact?

What would be the likely impact of the incident in lost revenue or additional cost?


How likely is an event given your existing controls, risk management treatments and activities?


What action would you take to manage the risk or incident?


What best describes your organization?

Are you using a Risk Appetite Table in your risk management toolset?