Residual risk


Residual risk is the risk that remains after taking all possible or any economically reasonable steps to avoid it.


Residual risk is the risk remaining after the risk control procedures have been selected for specific hazards. It can only be considered valid if the procedures selected to eliminate or reduce the hazard have been implemented. Whenever specific procedures are selected for identified threats, these threats are re-estimated and the risk level is verified again. It should be taken into account that applying the selected procedures may not be sufficient to significantly reduce the level of risk. The total residual risk should be determined by considering the individual residual risks relating to each identified hazard.

Depending on the likelihood and severity of a potentially threatening event and on the real current hazards, the residual risk for each hazard may be different. It is commonly assumed that the total residual risk is equal to or greater than the highest risk identified for any one of the hazards. In addition, both the quantity and the nature of existing threats should be taken into account.

In some cases, the project manager may decide that the total residual risk is higher than that of any individual hazard. The basis for such a decision is the number of lower-risk threats, if taken together they present a threat of a larger scale. For example, the result of a risk assessment in a specific undertaking may be a moderate residual risk for each identified threat. However, taking into account the complexity of the requirements of the procedures controlling the risk and the synergistic effect of all hazards, the project manager will decide that the residual risk for the entire undertaking is too high to accept.

Types of residual risk

Residual risk that is deliberately not subject to any restrictions because it has been accepted is also referred to as acceptable risk. Its specific manifestation is residual risk, i.e. the risk that remains after safeguards have been implemented. In practice, such a risk always exists out of necessity, since no system is completely safe and some resources are intentionally not protected. It is important, however, that the persons deciding on the choice of safeguards are aware of the residual risk and fully accept it. Faced with such a case, they have only two alternatives: accept the risk, or apply additional safeguards aimed at mitigating it, i.e. reducing it to an acceptable level, which is usually closely tied to incurring additional costs. It is therefore good to take action towards risk control.

Residual risk management

Comprehensive risk management (Composite Risk Management) is a method used to identify hazards and control the risks associated with them. It consists of five basic activities:

  1. Hazard identification,
  2. Threat assessment,
  3. Development of risk control tools,
  4. Implementation,
  5. Supervision

The first two stages are stages of risk assessment; the last two are elements of risk management. It is only in the third stage that risk control procedures are developed and implemented, with the aim of eliminating threats or minimizing the risks associated with them. The risks are then verified to determine the residual (remaining) risk, until an acceptable level of risk is achieved or the risk is reduced to a level where the benefits outweigh the costs incurred. This stage should be carried out when developing, considering and compiling various operational options and selecting one of them, that is, when making a decision.

The goal of the entire risk assessment and management process is to create the basis for making the optimal decision on whether or not to accept the risk. The key element is to define an acceptable level of risk. The risk, or the possibility of potential losses, must be balanced against the expected benefits. The decision on the risk limit to accept should be made at the level of management adequate for the given operation or task, and the basis for making it is the level of the existing risk.

Making risky decisions is not always associated with negative effects; it often accompanies entrepreneurship and innovation, which is one of the drivers of the development of capitalism. Negative consequences usually arise when a certain threshold of tolerable risk is exceeded, beyond which lies only the area of unacceptable bravado and lack of control. This is why scenarios of risk-countering activities are so necessary.