Mechanisms exist to define organizational risk appetite, the degree of uncertainty the organization is willing to accept in anticipation of a reward.
Control Question
Assessment question for control validation
Does the organization define organizational risk appetite, the degree of uncertainty the organization is willing to accept in anticipation of a reward?
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: RSK-01.5
ESP Level 1: RSK-01.5
ESP Level 2: RSK-01.5
ESP Level 3: RSK-01.5