Risk management processes

Our risk processes

Our people and culture underpin all aspects of Aviva's risk management. We encourage diversity of thought and a culture of curiosity to ensure a broad range of risks are identified and considered. We continuously develop the skills and capabilities of our people to drive better business decisions that appropriately balance risk and reward.

The processes and systems we use to identify, measure, manage, monitor and report risks are designed to enable dynamic risk-based decision-making and effective day-to-day risk management. These include the use of our risk models, Operational Risk and Control Management System (ORCM) and stress and scenario testing (SST)

You can read more about our approach to risk in our Annual Report and Accounts, which you can find on our reports page.

Identify and measure

We carry out regular risk identification including as part of our business planning process and any major business initiatives. We draw on internal and external data, covering both normal conditions and stressed environments.

We measure risks on the basis of Solvency II capital requirement to determine their significance, relative to the potential return and appropriately direct resources to their management. For operational risk management, we assess risks on the basis of their financial loss, financial statement misstatement, customer and reputational impacts. We use other risk metrics as appropriate for other risk management purposes (e.g. liquidity risk management and climate change risk management). We also measure the impact and likelihood of risks against our predefined appetites, tolerances and limits.

Manage and monitor

Having identified the risks of our business and measured their impact, we either accept these risks or take action to reduce, transfer or mitigate them, considering the expected return, associated risk and position relative to risk appetite. Monitoring ensures that the risk management approaches (accept, avoid, transfer, control) in place are effective. The systems for risk management and internal control play a key role in the management of risks that may impact the fulfilment of the Board’s objectives, including identifying risk-taking opportunities.


Our risk reporting is dynamic and focusses on:
  • principal current material risks and emerging trends
  • performance and its impact on our risk profile
  • decisions, taking account of risk reward trade-offs
  • projections/forward-looking views
  • mitigating actions
  • risk vs. appetites, preferences, limits and tolerances.