According to the Risk and Information Systems Control Study Manual, residual risk is the risk that remains after the implementation of risk responses. Residual risk is most commonly compared against the risk appetite, which is the amount of risk that an organization is willing to accept to achieve its objectives. By comparing the residual risk with the risk appetite, the organization can determine if the risk response is adequate and effective, or if additional actionsare needed to reduce the risk to an acceptable level. Residual risk should be monitored and reported regularly to ensure that it stays within the risk appetite. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 5, Section 5.3.1, Page 222. A Comprehensive Guide to Risk Appetite and Risk Tolerance
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit