USAID’s Risk Appetite Statement strengthens the Agency’s set of existing risk management tools and provides broad-based guidance to USAID staff on the amount and type of risk the Agency is willing to accept — based on an evaluation of opportunities and threats — to allow staff to better achieve our mission.
USAID first developed the Agency’s Risk Appetite Statement in 2018 as part of the integration of its Enterprise Risk Management (ERM) program, with the commitment to review and update the statement periodically to ensure that it aligns with the Agency’s current risk posture and priorities.
Q: What is a Risk Appetite Statement?
A: The Playbook: Enterprise Risk Management for the Federal Government [PDF] defines risk appetite as “the amount of risk an organization is willing to accept on a broad level in pursuit of its objectives given consideration of costs and benefits.” A risk appetite statement is a management tool that provides guidance from leadership to staff on the amount of risk an agency or organization is willing to undertake in pursuit of its objectives. Risk appetite statements “help agencies make risk-informed decisions with regard to allocation of resources, management controls, and potential consequences or impacts to other parts of the organization, and can reduce surprises and unexpected losses.”
Q: Why did USAID develop a Risk Appetite Statement?
A: In 2016, the United States Office of Management and Budget (OMB) updated Circular A-123 [PDF] to introduce a new requirement that Federal Departments and Agencies integrate Enterprise Risk Management (ERM) with their internal control systems. ERM is an intentional, holistic, Agency-wide approach to risk management that emphasizes addressing the full spectrum of threats and opportunities, and managing their combined impact as an interrelated risk portfolio.
While OMB does not require agencies to develop a formally documented risk appetite statement, USAID believes that a risk appetite statement, binding in Agency policy, supports Agency staff in making informed decisions about how to manage risk throughout the program cycle.
Q. Why did USAID update the Risk Appetite Statement?
A: USAID first developed the Agency’s Risk Appetite Statement in 2018 as part of the integration of its ERM program, with the commitment to review and update as appropriate. As a result, the updated 2022 Risk Appetite Statement strengthens the previous version with the inclusion of USAID’s commitment to Diversity, Equity, Inclusion, and Accessibility (DEIA), Protection From Sexual Exploitation And Abuse (PSEA), Counter-Trafficking in Persons (C-TIP), and do no harm as a key principle of inclusive development and humanitarian assistance. It also adds a new category on operational risk and incorporates cross-cutting risks, such as climate change, emergency preparedness, and supply chain.
Q: Who will use the Risk Appetite Statement?
A: Across the Agency, USAID leadership and staff in Washington and in Missions are using the Risk Appetite Statement to weigh opportunities and threats within their portfolios and sectors and utilize the Risk Appetite Statement in developing appropriate risk responses. The Risk Appetite Statement also informs our conversations with implementing partners and other stakeholders who work alongside us to advance the Agency’s mission.
Q: How is USAID using the Risk Appetite Statement?
A: USAID staff throughout the agency are using the Risk Appetite Statement to inform how we assess and respond to a broad range of risks in eight key risk areas (programmatic, legal, reputational, security, information technology, human capital, fiduciary, and operational), and how those risks may relate or impact other risks not referenced in the statement. The Risk Appetite Statement is a tool that can be used at every step of the USAID program cycle - from strategy formulation to project implementation to monitoring and evaluation.
This Risk Appetite Statement is a critical component in the Agency's overall effort to achieve effective ERM. In an effort to maintain its relevance, Agency leadership will perform periodic reviews and updates, as needed.
For questions about the updated Risk Appetite Statement, please contact email@example.com.