residual risk

Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made. 

There are four basic ways of dealing with risk: reduce it, avoid it, accept it or transfer it. Since residual risk is unknown, many organizations choose to either accept residual risk or transfer it -- for example, by purchasing insurance to transfer the risk to an insurance company.  

Download this free guide

Download: Top FAQs regarding the impact of 4 common compliance regulations

IT operations are sometimes unexpectedly affected by major audit regulations – is your IT team prepared? Explore the critical role your IT team plays in ensuring compliance and review the penalties for non-compliance by downloading this FREE e-guide, which covers any questions you might have regarding 4 major legislative regulations.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

When addressing residual risk, organizations should: 

• Identify relevant governance, risk and compliance (GRC) requirements.
• Determine the organization's control framework's strengths and weaknesses.
• Acknowledge existing risks.
• Define the organization's risk appetite.
• Identify available options for offsetting unacceptable residual risks.

See also: speculative risk, pure risk, operational risk, key risk indicator