The golden rule for great risk management practices. Define and document the company’s risk appetite. Never start or continue to pursue business strategies without first clearly articulating what are the risk appetite statements for the organisation. In a recent survey by Deloitte, it was noted that Indian banks do not have formal process to document their risk appetite statement. And as competent CROs would agree, defining risk appetite is the foundation of risk management and the strongest pillar for enterprise risk management. Defining risk appetite involves translating the tone at the top into meaningful statements that can be measured, quantified or compared against actual performance and achievements. Good risk appetite definitions examples are as follows. Aggressive growth in international locations given the overall credit losses due to such growth to be restricted to 3% of outstanding. This appetite statement provides an outer boundary within which business strategies are executed. The company is willing to take a 3% loss on the international book to pursue its business goal. No internal fraud should occur that is publicized by the media so as to damage company reputation. This is also considered a good risk appetite definition because although it does not quantity the amount of the internal fraud or the amount of impact to reputation, it does state that any fraud of the size that is considered in media sense as damaging is not accepted. Emanating from such a risk appetite, the fraud risk management practices are strengthened such that business can be done without breach of this appetite.