According to the CGEIT exam guide, the risk appetite is the amount and type of risk that an enterprise is willing to accept in pursuit of its objectives. It is a key element of the IT governance framework and should be defined by senior management before developing and managing digital applications for a new enterprise. The risk appetite provides the basis for establishing the risk management strategy, policies and processes, as well as the risk culture and awareness of the enterprise. References: CGEIT Exam Candidate Guide, page 15. CGEIT Certification