By Kartik Sarin

PGDRM Batch July’20-21


Residual Risk
  • The residual risk is the amount of risk or danger associated with an action or event remaining after natural or inherent risks have been reduced by risk controls.
  • In simple words: “It is the risk remaining after risk treatment.”



Risk Mitigation Process


Even after the risk mitigation process, certain risks cannot be eliminated; these are known as Residual Risk.


Purpose of Residual Risk

The purpose of assessing residual risk is to find out whether the planned controls and treatments are “sufficient”.
That means making a decision about how much Risk Appetite the organization has.


Once we find out the Residual Risks, what do we do with them?

We have three options:

Option 1: If the level of risk is below the acceptable level of risk, then we do nothing; the management needs to formally accept those risks.

Option 2: If the level of risk is above the acceptable level of risk, then we need to find new (and better) ways to mitigate those risks, which also means we’ll need to reassess the residual risks.

Option 3: If the level of risk is above the acceptable level of risk, and the cost of decreasing such risks would be higher than the impact itself, then we need to propose to the management that it accept those high risks.


Examples of Residual Risk

Risk Avoidance: A business decides to avoid the risk of developing new technology because the project in which it is to be used has many risks. The Residual Risk here is that the competitor can develop the same technology instead and gain a competitive advantage.

Risk Transfer: A homeowner may transfer the risk of flood damage by taking out insurance. The Residual Risk would include the possibility that the insurance company goes bankrupt and fails to pay the insurance amount.

Risk Reduction: An airline company reduces the risk of accidents by improving maintenance procedures. The Residual Risk can be that, due to human intervention, steps in the procedures could be skipped.

Risk Acceptance: On risk acceptance, the entire risk becomes residual risk, since we are not doing anything to mitigate it. Example: If an investor thinks that the rewards on an investment outweigh the risk, he would accept that risk and make the investment. Here, the amount of investment would be covered under Residual Risk.

Important: When the controls put in place are effective, both Inherent Risk and Residual Risk are low. However, note that Residual Risk is always lower than Inherent Risk.

