Residual risk and Rating/Grading
Identified inherent risks in processes, are expected to be mitigated by using suitably designed controls. In any organisation that has a view on managing operational risks, all or most of the identified risks in a process would be controlled through a process that reduces, or eliminates the risk of a failure taking place in that process.
Residual risk is thus the remaining risk in a process assuming the control designed is operating properly. Thus, all companies strive to have a low level of residual risk.
Higher the control effectiveness, the lower the residual risk. Lower the control effectiveness, the residual risk would be same or similar to level of inherent risk. We shall study more about the concept of controls in the subsequent section.
No comments:
Post a Comment