Who sets risk policy and appetite in a typical risk governance structure?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Get ready for the CIMA Risk Management (P3) Exam with targeted study materials. Engage in quizzes and in-depth explanations to master risk assessment and strategic decision-making for your exam success!

Multiple Choice

Who sets risk policy and appetite in a typical risk governance structure?

Explanation:
Setting risk policy and appetite is a board-level responsibility because these decisions shape how the organisation approaches risk in line with its strategy, capital, and stakeholder expectations. The board approves the risk appetite statement, which defines the level and types of risk the organisation is prepared to accept, and it signs off the risk policy that establishes the governance framework, roles, and controls for managing risk. Once this overarching framework is set, management translates it into day-to-day risk limits, procedures, and reporting, ensuring operations stay within the approved boundaries. The risk committee can provide focused oversight and challenge on behalf of the board, but it does not independently determine policy or appetite. Internal audit, meanwhile, offers independent assurance that policies are being followed and controls are effective, rather than setting them.

Setting risk policy and appetite is a board-level responsibility because these decisions shape how the organisation approaches risk in line with its strategy, capital, and stakeholder expectations. The board approves the risk appetite statement, which defines the level and types of risk the organisation is prepared to accept, and it signs off the risk policy that establishes the governance framework, roles, and controls for managing risk. Once this overarching framework is set, management translates it into day-to-day risk limits, procedures, and reporting, ensuring operations stay within the approved boundaries. The risk committee can provide focused oversight and challenge on behalf of the board, but it does not independently determine policy or appetite. Internal audit, meanwhile, offers independent assurance that policies are being followed and controls are effective, rather than setting them.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy