Risk acceptance

Category: Risk management frameworks · Reviewed by Matt Bartlett, Director · Founder · Last reviewed

Risk acceptance

Risk acceptance (also “tolerate” or “retain”) is the informed decision to take and retain a risk without further treatment. It is appropriate when the residual risk sits within appetite, when treatment is uneconomic, or when there is a strategic case for bearing the risk.

Forms of acceptance

• Implicit acceptance — the risk is below the materiality threshold and not formally treated.
• Conscious acceptance — the risk is documented in the register with rationale, owner and review date.
• Acceptance with monitoring — accepted but key risk indicators are tracked, with pre-agreed triggers for re-assessment.
• Self-insurance / retention — financial consequence retained on balance sheet, possibly with a captive.

Documentation

A defensible acceptance decision includes: the assessed residual likelihood and impact, the rationale for not treating further, the cost of alternative treatments considered, the named accepting authority, the review cadence, and any monitoring metrics. Without these, “acceptance” is indistinguishable from “we forgot about it”.

Acceptance and retention in insurance

Insurance deductibles and self-insured retentions are formalised acceptances of the loss tranche below the attachment point. Boards should evidence acceptance of these layers — including any aggregate stop-loss above which uninsured losses could materialise.

References

• ISO 31000:2018.
• COSO (2017) ERM Framework.

Cross-references

• Risk treatment
• Residual risk
• Risk appetite

Maintained by Matt Bartlett, Director, Apex Insurance Brokers Limited. FCA FRN 724952. Companies House 07014570.