Residual Risk Definition

Residual risk is the risk that remains after controls have been put in place. It is the chance that an adverse event will still occur even though you have taken steps to prevent it.

There are two types of residual risk: acceptable and unacceptable. Acceptable residual risk is the risk that you have decided to live with because it is not possible or practical to eliminate it completely. Unacceptable residual risk is the risk that you need to take action to reduce.

The level of acceptable residual risk will vary from organization to organization and from project to project. It depends on factors such as the size of the organization, the type of business, the importance of the project, and the availability of resources.

Whatever level of acceptable residual risk is decided upon, some level of risk always remains. There is no such thing as a completely safe system or process: even with controls in place, there is always a chance that something could go wrong.