Risk Appetite Is a Leadership Decision, Not a Compliance Exercise
By Erin Sedor | Black Fox Strategy
You’ve already defined your risk appetite. You just didn’t do it on purpose.
Every strategic decision you’ve made—every investment, every hire, every market you’ve entered or walked away from—carries a risk profile. Whether you articulated it or not, you were making a statement about how much risk your organization is willing to take on in pursuit of what matters most. The question isn’t whether you have a risk appetite. You do.
The question is whether you’ve defined it clearly enough that it actually guides anything.
For most organizations, the honest answer is no. Risk appetite shows up in boardrooms and governance frameworks. It gets referenced in annual reports and makes an appearance in conversations with auditors and regulators. But when it comes to actually informing how the CEO makes strategic decisions—which growth opportunities to pursue, how fast to scale, how far to push into unfamiliar territory—the concept usually evaporates into vague language about being “moderately risk tolerant” or “prudently aggressive.”
That isn’t risk appetite. That’s a governance placeholder. And the distance between the two is where real strategic value gets lost.
The Language Problem That’s Costing You More Than You Think
Before we go further, let’s clear up a definitional mess that trips up even experienced leaders. Three terms get muddled constantly in risk conversations, and as a CEO, you need to know the difference—because each one drives a fundamentally different conversation.
Risk tolerance is operational. It defines how much variance your teams will accept in day-to-day execution—the guardrails on projects, budgets, and processes. It’s the acceptable range of deviation from plan that your people manage every day. Important, yes. But it’s not strategic.
Risk capacity is financial. It defines the outer limits of what your organization can absorb if something goes seriously wrong—your reserves, your insurance, your financial structure. It’s the ceiling on survivable loss. Your CFO probably has a handle on this. It’s necessary context, but it’s not the whole picture.
Risk appetite is strategic. It defines the amount and type of risk the organization is willing to take on to achieve its most important objectives. It’s not about what you can survive. It’s about what you’re willing to bet—deliberately—on the things that matter most. Risk appetite lives at the intersection of ambition and discipline. It is a leadership decision.
And yet, in most organizations, nobody has given the CEO a structured way to define it. You end up making those calls—often consequential ones—reactively, by gut, or by committee default. The traditional enterprise risk management world hasn’t helped. Despite decades of frameworks and standards, the ERM profession has failed to give leaders a practical way to connect risk to strategic intent. Only 11% of senior finance leaders view their organization’s risk management as a strategic tool delivering competitive advantage. The other 89% see it as a compliance function. At best.
That’s not a risk management failure. That’s a design flaw in how we’ve been building strategy.
The Context Problem (And Why Your Strategy Is Vulnerable Without It)
Here’s what I’ve seen across thirty-plus years of working in strategy and risk at every level of organizational complexity: strategy and risk management almost always operate in parallel.
Not in partnership. In parallel.
Your risk team is cataloging threats. Your strategy team is building plans. Neither has what they need from the other to do their job well. And the CEO—the one person who needs both perspectives to make sound strategic calls—is left to bridge the gap through intuition, experience, and hope.
This is not a new problem. It’s a structural one. And it starts with how strategy itself gets designed.
I’ve watched it happen in billion-dollar government contracting entities, in regional nonprofits, in publicly traded tech companies, and in Alaska Native Corporations navigating some of the most complex governance structures in the country. The specifics change. The pattern doesn’t. Risk lives in one silo. Strategy lives in another. And the leadership team spends its energy managing the consequences of a disconnect that was baked into the process from the start.
The fundamental flaw in traditional strategic planning is the absence of context that connects strategy to what matters most for organizational health. Most planning processes are designed from the outside in—market analysis, competitive positioning, revenue targets—and then risk gets layered on after the plan is already built. By then, the structural decisions are made.
Risk becomes a rearview mirror exercise, cataloging threats to a plan that never accounted for them in the first place.
Strategy without risk intelligence is wishful thinking. Risk assessment without strategic context is a catalog of threats with no anchor to what actually matters. And the cost of this disconnect is not theoretical. Strategic misalignment wastes an estimated 60% of a company’s resources. The number-one barrier to organizational reinvention, cited by 35% of executives in a 2025 PMI study, is the disconnect between planning and execution.
Meanwhile, only 18% of risk owners provide high-quality information about their risks, and just 14% have effective mitigation plans. The data paints a clear picture: the gap between strategy and risk isn’t a people problem. It’s an architecture problem.
Risk appetite is the bridge between these two worlds. But building that bridge requires a different strategic foundation than the one most planning processes provide.
A Different Foundation: Purpose, Growth, and Evolution in Equilibrium
The Essential Strategy Formula is built on a premise that is simple, deeply grounded, and universally applicable: there are three things at the heart of every healthy organization, regardless of size, industry, or complexity.
Organizations must have a compelling Purpose—one that is internally compelling and externally valuable in its contribution. Purpose isn’t a poster on the wall or a tagline for your annual report. It’s the strategic anchor that defines why the organization exists, why anyone should care, and what contribution it makes to those it serves. When purpose is unclear or disconnected from reality, drift and misalignment are inevitable.
They must Grow with intention—growth that is matched by adaptive learning and expansion of capabilities to sustain both speed and scale. Growth isn’t just revenue. It’s the deepening of core competencies and the building of internal capacity that makes revenue sustainable. Growth without capability expansion is a recipe for collapse.
And they must Evolve—actively anticipating the changing needs and wants of all those who serve and who are served by the organization. Evolution isn’t about chasing the next transformation initiative or reacting to every market tremor. It’s about reading the environment with enough foresight and clarity to adapt before the environment forces your hand.
A fourth element—Equilibrium—weaves through the other three, operating as the catalyst for balancing strategic priorities and making better decisions. Equilibrium is not a conceptual nice-to-have. It is the mechanism that ensures Purpose, Growth, and Evolution don’t operate in isolation—which is precisely the problem that traditional planning creates. Without it, organizations lurch from one priority to another, overinvesting here, underinvesting there, and wondering why the plan never coheres into sustained performance.
Together, Purpose, Growth, Evolution, and Equilibrium create the strategic context that traditional planning fails to provide. And that context is exactly what makes meaningful risk appetite possible.
Four Questions That Change Everything
When you have this foundation, risk appetite stops being abstract. It becomes actionable—grounded in the strategic realities that actually drive your organization.
The Essential Strategy Risk Appetite Framework does what traditional approaches don’t: it connects risk directly to strategic intent through four questions, each one aligned to a pillar of how healthy organizations actually work.
The Investment Question, aligned to Purpose: How much do we invest before the cost is too great? This question sits at the intersection of purpose and pragmatism. Your organization exists to deliver on a stated purpose, and that purpose requires investment—financial capital, human capital, organizational bandwidth, and reputation. The tension between what you’re willing to spend and what you stand for is real, and it’s constant. The goal isn’t to eliminate that tension. It’s to define the boundaries within which it operates—consciously, deliberately, with real numbers attached. Not aspirational language. Quantified commitment that can be tracked, reported, and held accountable.
The Speed and Value Question, aligned to Growth: How fast can we get there without sacrificing existing value? The pressure to grow fast is relentless. New markets, new programs, new capabilities, all pursued at a pace that often outstrips the organization’s ability to absorb them. Your board wants growth. Your market demands it. And your people are telling you—in ways both direct and indirect—that the pace is unsustainable. This question forces an honest reckoning: how fast can you pursue growth objectives without eroding the competencies, capabilities, and relationships that made you worth something in the first place?
The Change Question, aligned to Evolution: To what extent are we willing to change? This might be the most uncomfortable question of the four—and the most revealing. Most organizations say they embrace change. The data suggests otherwise. Gartner reports that 93% of change-fatigued employees say their employer has backtracked on at least one promised change, resulting in decreased trust in leadership. That’s not evolution. That’s organizational whiplash. The real question isn’t whether you’re willing to change. It’s how far—and at what cost to culture, identity, and the people who make your organization what it is.
The Critical Path Question, the Equilibrium check: What threats have the potential to disrupt the Critical Path to strategic execution? With Purpose, Growth, and Evolution addressed, you step back and take a wider view. This is Equilibrium at work—the mechanism that reveals where your strategy is most exposed. The Critical Path defines the highest priorities for execution, the goals and initiatives that, if they fail or are disrupted, compromise the entire strategic plan. This final question is where strategy and enterprise risk intelligence must converge most tightly—protecting the resources, competencies, and capabilities essential to getting where you’re going.
Why This Alignment Matters More Than You Think
These four questions aren’t random. Each one is tied directly to a Rule of Quantum Intelligent Strategy—the foundational principles that govern how Purpose, Growth, Evolution, and Equilibrium operate as interconnected forces within any organization.
Without a clear strategic anchor for Purpose, the Investment Question has no context. Without the Investment Question, Purpose produces aspiration without discipline. The same holds true across Growth and the Speed and Value Question, Evolution and the Change Question. And without Equilibrium—without the integrating force that reveals how these three elements interact, create tension, and depend on each other—the first three operate in isolation. Which is precisely how most strategic planning works, and precisely why 90% of strategies fail to execute.
Organizations are complex adaptive systems. Everything within them is connected. Every decision creates ripple effects that travel through the system in ways that linear planning models don’t account for. When you understand your organization through this lens, you see purpose, growth, and evolution not as separate strategic goals but as interdependent forces that must be balanced with intention. Risk appetite becomes the mechanism for maintaining that balance—the strategic discipline that keeps your organization adaptive without becoming chaotic, ambitious without becoming reckless.
And the evidence isn’t subtle. Companies with advanced risk management practices are 2.5 times more likely to be top financial performers in their industry. Organizations with integrated risk management are 30% more likely to achieve their strategic objectives. When you connect risk to strategy with real structure and real intent, it pays off. Not eventually. Measurably. The question is whether you’re going to keep treating risk appetite as something your compliance team owns, or reclaim it as the leadership discipline it was always meant to be.
What This Means for You
If you’re a CEO or executive director reading this, I’ll be direct. Your organization almost certainly has risk appetite language somewhere in its governance documents. And it almost certainly isn’t doing anything useful.
The gap between strategy and risk isn’t a mystery. It’s a design flaw. And it’s entirely fixable.
You don’t need a mature ERM program to begin this work. You don’t need perfect data or a six-month planning cycle. You need willingness to have an honest conversation about what you’re actually willing to risk—and for what. Start with Purpose. It’s often the most revealing, because it forces you to reconcile what you say the organization stands for with what you’re actually willing to invest to make that real.
It starts with four questions. Not the sprawling, jargon-laden risk assessment questionnaires your compliance team circulates. Four direct, strategic questions that create the context for defining how much risk is worth taking—and for which strategic objectives.
How much do we invest before the cost is too great?
How fast can we get there without sacrificing value?
To what extent are we willing to change?
What threatens the critical path?
These aren’t compliance questions. They’re leadership questions. And the answers don’t belong in a governance binder. They belong in your strategic plan, in your decision-making architecture, and in every conversation where the future of your organization is on the table.
Risk appetite is not a governance formality. It is the clearest expression of strategic courage an organization can make. When you define it with the right structure, the right context, and the right intent, it stops being an artifact and starts being one of the most powerful tools in your leadership arsenal.
And it starts with you.
Erin Sedor is an executive advisor and strategic performance expert with 30+ years of experience in strategy, risk, and organizational performance across every sector and level of complexity. She is the creator of Essential Strategy and the Quantum Intelligence framework for conscious, adaptive leadership.