A recent review of your company's risk management strategy highlights certain risks that exceed the organization's tolerance levels. As the Information Security Manager, which factor would you align with the organization's risk appetite to ensure appropriate risk treatment?