The core instrument for defining and aligning risk sensitivity and metrics in a specific business context across an organization. The Risk Appetite Framework operates at all levels of an organization (Board, C-Suite, Business Unit, etc.) and must include an effective risk infrastructure that integrates the organization’s strategy using key metrics that tie risk to business objectives for driving and evaluating TPRM program effectiveness. The framework should incorporate the roles and responsibilities and the implementation of various risk management tools and documentation of risk policies. Actionable risk tolerance metrics must be included. Adapted from James Lam, 2017.