Risk Appetite Explained: 4 Terms That Keep Decisions Honest
A quick guide to risk appetite, risk tolerance, risk criteria, and risk acceptance for leaders who need a clearer line before exposure becomes routine.

Key takeaways
- 01Risk appetite defines the maximum exposure leaders will carry before they require escalation, redesign, or refusal.
- 02Risk tolerance belongs to the operating level, where the crew absorbs normal variation inside the appetite.
- 03Risk criteria and risk acceptance are different jobs, because one defines the rule and the other records the decision.
- 04If exceptions keep repeating, revise the appetite or the criteria instead of asking people to be more careful.
- 05Andreza Araújo's leadership books are useful when you need the decision boundary to become visible in the field.
Risk appetite is the amount of uncertainty leaders are willing to carry before they require escalation, redesign, or refusal. It matters when policy sounds clear, but the field still needs a real line between acceptable and unacceptable exposure.
In risk-management work, appetite is not a slogan. It is a decision boundary. Across 25+ years leading EHS in multinationals, Andreza Araújo has seen that the organizations with the clearest lines make faster calls because supervisors do not have to guess where the limit sits. In Make The Difference: Be a Leader in Health & Safety, that same logic appears as leadership discipline, not paperwork.
If the limit is vague, the crew improvises. That is why risk appetite sits close to the live risk register and the escalation trigger, where decisions stop being abstract and start changing the work.
Definition
Risk appetite tells you how much risk the organization will accept before it must stop, redesign, or escalate. It belongs to governance, but it only becomes useful when supervisors and area owners can translate it into field decisions. A policy that no one can apply at the workface is not appetite. It is decoration.
For practical use, appetite should answer one question, when does normal control end and exceptional control begin? If the answer changes from one manager to the next, the system is already negotiating with exposure.
4 terms that matter
- Risk appetite
- The level of risk the organization is willing to carry in normal operations before it requires escalation or redesign.
- Risk tolerance
- The amount of variation a specific team can absorb inside that appetite without breaking the operating plan.
- Risk criteria
- The rules leaders use to judge whether a scenario fits the appetite or crosses the line.
- Risk acceptance
- The documented decision to proceed after the exposure has been judged against the criteria.
These four terms are related, but they do different jobs. Appetite sets the line, tolerance describes the operating margin, criteria define the judgment rule, and acceptance records the decision. When a site mixes them up, the result is usually a slow drift from clear governance into convenient exceptions.
How to separate them in practice
| Term | Owner | What it changes |
|---|---|---|
| Risk appetite | Leaders | The maximum exposure the organization will carry |
| Risk tolerance | Operations | The amount of variation the crew can absorb today |
| Risk criteria | Risk owner | The rule that decides whether the line is crossed |
| Risk acceptance | Named decision maker | The record that the exception was consciously approved |
That separation becomes visible when you audit the language, not just the form. If a supervisor says, "We can tolerate it for now," but nobody can show the criterion or the acceptance record, the site is already running on habit. The same problem appears in a risk register that looks complete but no longer drives choices.
When to use appetite vs tolerance
Use appetite when the organization sets the line, tolerance when the shift manages the day, and acceptance when a specific exception needs a named decision. If the same exception keeps returning, do not ask people to be more careful. Revise the appetite or the criteria, because repeated exceptions usually mean the boundary is wrong.
That is the practical test. If your answer only explains the policy, the boundary is still too far from the field. If your answer tells a supervisor what to stop, what to escalate, and who owns the exception, the concept is working. For a deeper leadership lens, read Make The Difference: Be a Leader in Health & Safety and use it as the base for your next decision review.
Andreza Araújo's store is the next stop when your team needs the broader leadership context behind the control line.
Frequently asked questions
What is risk appetite in safety and risk management?
How is risk tolerance different from risk appetite?
What are risk criteria used for?
What is risk acceptance?
Which Andreza Araújo book fits this topic best?
About the author
Andreza Araújo
Safety Culture Expert | Senior EHS Executive
Andreza Araújo is a safety culture expert and senior EHS executive with more than 25 years of experience in environment, health and safety. She is a Civil Engineer and Occupational Safety Engineer from Unicamp, holds a Master's degree in Environmental Diplomacy from the University of Geneva, and completed sustainability studies at IMD Switzerland. Andreza has served in Global Head of EHS roles in Fortune 500 environments, leading cultural transformation programs across multinational operations. She has represented Brazil as a speaker at the United Nations in Paris and has spoken at the International Labour Organization in Turin. She is the author of more than 16 books on safety culture in Portuguese, Spanish, English and German. Her work has earned more than 10 EHS awards, including two recognitions from Indra Nooyi, former PepsiCo CEO.
- Civil & Safety Engineer (Unicamp)
- M.A. Environmental Diplomacy (University of Geneva)
- Sustainability Cert (IMD Switzerland)
- People Management & Coaching (Ohio University)
- UN Paris speaker representative for Brazil
- ILO Turin speaker
- LinkedIn Top Voice
- Indra Nooyi PepsiCo CEO recognition (2x)
Documentaries
Watch Andreza's documentaries
Three productions on safety culture, organizational failure and the human lessons behind major disasters.
Podcasts
Listen to Andreza's podcasts
She hosts three shows on safety leadership, EHS and organizational culture, in English and Portuguese.