
Make sure your organisation’s use of AI matches how much risk it is willing and able to take. This helps everyone make decisions that reflect the organisation’s values, risk tolerance, and need for oversight.
Not all AI systems need the same level of control. The goal is to build a shared understanding of which types of AI risks are acceptable, and when extra checks, approvals or escalation are needed. In some organisations, a simple guide for low-risk AI use may be enough. Others may need clearer thresholds and stronger controls for higher-risk systems.
Where ESG or sustainability forms part of your risk appetite, or your AI use has a material environmental footprint, ensure these risks are explicitly considered in your AI governance and risk alignment processes.

Why it matters
Each organisation is comfortable with a different level of risk. When your AI governance matches that comfort level, it helps prevent mistakes, reduces the chance of harm, and ensures decisions are made at the right level.
If your current or planned AI use does not match your risk appetite, it can lead to reputational damage, compliance issues, or inconsistent decisions. Aligning your approach also helps you focus effort where it matters, avoiding too much control for safe uses or too little for higher-risk ones.

Implementation tips
- Engage with your risk, legal, and compliance teams to clarify your organisation’s current risk appetite.
- Start simple: for generative AI tools, this might mean setting clear use boundaries.
- Map your AI risk categories to existing enterprise risk domains (e.g. legal, reputational, privacy).
- Create screening tools or a matrix to help assess whether an AI use fits within appetite, and support decisions with examples or internal guidance.
- Revisit alignment as your use of AI, or your risk appetite, changes.

Support materials
- NIST AI Risk Management Framework (AI RMF 1.0): Defines risk tolerance and appetite in the context of AI governance, with structured practices across the AI lifecycle.
- AI Procurement Lab – Risk Management Framework for AI Procurement: Offers useful guidance for aligning procurement decisions with organisational AI risk appetite, relevant for organisations that procure AI rather than develop it.
- ISACA – Applying Risk Appetite and Tolerance to AI: Explains how to adapt enterprise risk appetite statements for AI, including chatbot examples and tolerance ranges for automation.
- TechTarget – How to Write a Risk Appetite Statement: Guidance for drafting risk appetite statements, with templates and examples.



