Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made.
There are four basic ways of dealing with risk: reduce it, avoid it, accept it or transfer it. Since residual risk is unknown, many organizations choose to either accept residual risk or transfer it -- for example, by purchasing insurance to transfer the risk to an insurance company.
When addressing residual risk, organizations should:
- Identify relevant governance, risk and compliance (GRC) requirements.
- Determine the strengths and weaknesses of the organization's control framework.
- Acknowledge existing risks.
- Define the organization's risk appetite.
- Identify available options for offsetting unacceptable residual risks.