residual risk definition

Contributor(s): Fran Sales

Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made. 

There are four basic ways of dealing with risk: reduce it, avoid it, accept it or transfer it. Since residual risk is unknown, many organizations choose to either accept residual risk or transfer it -- for example, by purchasing insurance to transfer the risk to an insurance company.  

When addressing residual risk, organizations should: 

  • Identify relevant governance, risk and compliance (GRC) requirements.
  • Determine the organization's control framework's strengths and weaknesses.
  • Acknowledge existing risks.
  • Define the organization's risk appetite.
  • Identify available options for offsetting unacceptable residual risks.

See also: speculative risk, pure risk, operational risk, key risk indicator 

 

This was first published in April 2014
