What is a residual risk?
Residual risk is the risk that remains after some or all of the identified risks have been mitigated or removed.
Why is residual risk important?
There are a number of reasons why residual risk is significant, and they include:
- It’s a risk that an organization has to live with based on choices they’ve made regarding risk mitigation.
- It is a leftover risk after significant controls and process improvements have been put in place by an organization.
- Residual risk is important for compliance and regulatory requirements.
What is the difference between residual risk and inherent risk?
Residual risk is the risk that is left after the main control measures have been put in place. Inherent risk is the risk that exists before any attempt at mitigation, with no control measures applied to it.
How do you calculate a residual risk?
Residual risk is calculated from the formula below:
- Residual risk = inherent risk – impact of risk controls
For example, let’s consider a risk analysis of a potential ransomware outbreak within a specific business unit. The organization has determined that, in a worst-case scenario, the inherent risk associated with the outbreak – that is, the risk present without any controls or countermeasures in place – could be $5 million. However, with the implementation of new malware detection and prevention controls, along with a focus on backups and redundancy, the organization believes that recovery from ransomware is feasible in almost all cases without having to pay a ransom and wait for decryption. The total cost of implementing these solutions and controls is estimated to be $2 million.
The residual risk formula would then look like this:
Residual risk = $3 million (inherent risk) – $2 million (impact of risk controls). In this case, the residual, or leftover, risk is roughly $1 million.
Onyeka Emma is a QHSE Professional with more than 10 years of experience in occupational health and safety, spanning many industries such as construction, beverage, oil and gas, etc. He holds many health and safety certifications, including NEBOSH IGC, ISO 9001:2015, ISO 14001:2015, and the ISO 45001:2018 Lead Auditor certificate. He is a member of IOSH, ISPON, and the Nigeria Red Cross Society. He is interested in business, entrepreneurship, speaking, and motivating people to do better for themselves. He enjoys leisure with a good motivational book.