Risk appetite fields on the Entity form

  • Release version: Australia
  • Updated March 12, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Risk Appetite Fields on the Entity Form

    The risk appetite fields on the Entity form in the Risk Management application allow organizations to define their risk appetite, assess possible risks, and establish boundaries for acceptable and unacceptable risks. These fields are customizable based on the advanced risk assessment properties set by the risk administrator.

    Show full answer Show less

    Key Features

    • Override Qualitative Risk Appetite: Allows the current entity to define its own qualitative risk appetite, independent of its parent entity, if an upstream entity exists.
    • Qualitative Appetite: Represents risk appetite on a numerical scale (1-5) with ratings ranging from Averse to Hungry. This can be adjusted by the risk administrator.
    • Quantitative Appetite: Expresses risk appetite in monetary terms, indicating the acceptable loss amount, such as a specified target for non-performing assets.
    • Qualitative Tolerance: Defines the acceptable deviation from the qualitative appetite, also on a numerical scale, and must exceed the qualitative appetite.
    • Quantitative Tolerance: Measured in monetary terms, indicating the acceptable loss threshold, which must be greater than the quantitative appetite.
    • Appetite Status: Evaluates both qualitative and quantitative appetite statuses based on defined appetites and tolerances, providing insight into risk levels.

    Key Outcomes

    By utilizing these fields, ServiceNow customers can effectively manage their organization's risk exposure. They can customize risk appetite scales, assess their risk tolerance, and monitor the overall appetite status, enabling informed decision-making and enhanced risk management strategies.

    Learn about the risk appetite fields on the Entity form. Use these fields to define the risk appetite, evaluate all the possible risks, and set the boundaries for the acceptable and unacceptable risks in the Risk Management application.

    See the following table for a description of the field values.

    Note:
    The risk appetite fields that appear on the entity form depends on the advanced risk assessment properties set by the risk administrator.
    Table 1. Risk appetite fields on the Entity form
    Field Description
    Override qualitative risk appetite Option to override the qualitative risk appetite of the parent entity. By default, all entities inherit the risk appetite of the upstream entity in the entity form. When you select this option, you can define the risk appetite values for the current entity separately.
    Note:
    This field appears only when there’s an upstream entity available for the current entity.
    Qualitative appetite Risk appetite in numerical scale and rating terms. The qualitative appetite is compared with the qualitative risk rating to compute the qualitative appetite status. You can define the qualitative appetite based on the appetite scale set by the risk administrator. The default options are as follows:
    • 1 - Averse
    • 2 - Minimalist
    • 3 - Cautious
    • 4 - Open
    • 5 - Hungry

    A risk administrator can change or create the risk appetite scales based on the organization's requirement. For more information, see Set up a risk appetite scale.

    After you define the qualitative appetite, you can copy it to the downstream entities.

    Note:
    A risk user and risk reader with the sn_risk_advanced.qualitative_risk_appetite_reader role can only view the qualitative appetite and qualitative tolerance values on the form and in other places.
    Quantitative appetite Risk appetite in quantitative terms. The quantitative risk appetite can be measured and expressed in monetary values. The quantitative appetite is the amount of loss that an organization is willing to risk. For example, an organization decides to have $10,000 (US dollars) as a target non-performing asset (NPA) for this year, which means that the organization defines $10,000 (US dollars) as the quantitative risk appetite.

    The quantitative appetite is compared with the annual loss expectancy (ALE) to compute the quantitative appetite status.

    Note:
    A risk user and risk reader with the sn_risk_advanced.quantitative_risk_appetite_reader role can only view the quantitative appetite and the quantitative tolerance values on the form and in other places.
    Qualitative tolerance Risk tolerance in numerical scale and rating terms. The risk tolerance is the standard deviation from the defined risk appetite. The qualitative tolerance is compared with the qualitative risk rating to compute the qualitative appetite status. The qualitative tolerance should be greater than the defined qualitative appetite. You can define the qualitative tolerance based on the appetite scale that is set by the risk administrator. The default options are as follows:
    • 1 - Averse
    • 2 - Minimalist
    • 3 - Cautious
    • 4 - Open
    • 5 - Hungry

    A risk administrator can modify or create the risk appetite scales based on the organization's requirement. For more information, see Set up a risk appetite scale.
    Quantitative tolerance Risk tolerance in quantitative terms. The risk tolerance is the standard deviation from the defined risk appetite. The quantitative risk tolerance can be measured and expressed in monetary values. For example, an organization decides to have $15,000 (US dollars) as a target non-performing asset (NPA) for this year, which means that the organization defines $15,000 as the quantitative risk tolerance.

    The quantitative tolerance is compared with the annual loss expectancy (ALE) to compute the quantitative appetite status.

    Note:
    The quantitative tolerance should be greater than the defined quantitative appetite.
    Risk appetite status
    Qualitative appetite status Qualitative appetite status of the entity. The qualitative appetite status is calculated by comparing the defined qualitative appetite with the qualitative appetite that is mapped to the final risk rating. A risk administrator can map the appetite scales to the risk rating criteria for the final assessment type in the risk assessment methodology (RAM).
    Note:
    The primary RAM that is associated with the entity class is considered for status calculation.
    For example, if you define the qualitative appetite as 2-Minimalist and the qualitative tolerance as 4-Open, then the following statuses appear:
    • For a qualitative risk rating of 1- Averse or 2-Minimalist, the appetite status is within appetite.
    • For a qualitative risk rating of 3-Cautious or 4-Open, the appetite status is outside the appetite.
    • For a qualitative risk rating of 5-Hungry, the appetite status is outside the tolerance.
    Quantitative appetite status Quantitative appetite status of the entity. The annual loss expectancy (ALE) values are compared with the defined quantitative appetite to calculate this appetite status.
    Note:
    The aggregated ALE value from the primary RAM that is associated with the entity class are considered for the status calculation.
    For example, if you define the quantitative appetite as $1000 (US dollars) and the quantitative tolerance as $1500, then the following statuses appear:
    • For ALE equal to or less than $1000, the appetite status is within the appetite.
    • For ALE ranges from $1001 to $1500, the appetite status is outside the appetite.
    • For ALE more than $1500, the appetite status is outside the tolerance.
    Appetite status Overall appetite status. The overall appetite status considers the worst-case scenario between the qualitative and quantitative status. For example, if the qualitative appetite status is within the appetite and the quantitative appetite status is outside the appetite, then the overall appetite status is outside the appetite.