Residual Risk

What is Residual Risk?

Residual risk also known as inherent risk is the amount of risk that still pertains after all the risks have been calculated, to put it in simple words this is the risk that is not eliminated by the management at first and the exposure that remains after all the known risks have been eliminated or factored in.

Explained in Short

Residual risk is the amount of risk that remains in the process after all the risks have been calculated, accounted, and hedged. During an investment or a business process, there are a lot of risks involved, and the entity takes into consideration all such risks. It counters factors in or eliminates all the known risks of the process. The risks that remain in the process may be due to unknown factors or such risks due to known factors that cannot be hedged or countered; such risks are called residual risks.

Simply put, the danger to a business that remains after all the identified risks have been eliminated or mitigated through the Company’s efforts or internal and risk controls.

You are free to use this image on your website, templates etc, Please provide us with an attribution linkHow to Provide Attribution?Article Link to be Hyperlinked
For eg:
Source: Residual Risk (

Formula to Calculate Residual Risk

The general formula to calculate residual risk is:

Residual Risk = Inherent Risk – Impact of Risk Controls

In the above residual risk formula

  • Inherent risk is the amount of risk that exists in the absence of controls or other mitigating factors that are not in place. It is also known as the risk before controls or gross risk.
  • The impact of risk controls is the amount of risk eliminated, mitigated, or hedged by taking internal or external risk controls.

Thus, when the impact of risk controlsRisk ControlsRisk control is the activity of analyzing, interpreting, and assessing the business environment and decisions in order to minimize losses by detecting pitfalls and preventing businesses from falling victim to calamities, hazards, and avoidable more is subtracted from the inherent risk, the residual amount that remains is this risk.

Let us look at residual risk examples so that we can find out what the residual risk could be for an organization (in terms of potential loss). Consider the firm which has recently taken up a new project.

Without any risk controls, the firm could lose $ 500 million. However, the firm prepares and follows risk governance guidelines and takes necessary steps to calculate residual risk and mitigate some of the known risks. After taking the internal controls, the firm has calculated the impact of risk controls as $ 400 million. This impact can be said as the amount of risk loss reduced by taking control measures.

  • Now, inherent risk = $ 500 million
  • Impact of risk controls = $ 400 million
  • Thus, residual risk = inherent risk – impact of risk controls = 500 – 400 = $ 100 million

Residual Risk Examples

As a residual risk example, you can consider the car seat belts. Initially, without seatbelts, there were a lot of deaths and injuries due to accidents. After the seat belts were installed in the cars and made mandatory to wear by the law, there was a significant reduction in deaths and injuries. However, there are still injuries and deaths by the accidents even after the driver wears these seat belts; this could be said as a residual risk. The seat belts have been successful in mitigating the risk, but some risk is still left, which is not captured; that is why there are deaths by accident.

How companies try to Mitigate Risks?

Companies deal with risk in four ways. While the Company tries to mitigate risks in any of these ways, there is some amount of these risks generated. These four ways are described in detail with residual risk examples:

#1 – Avoid the Risk

Companies may decide not to take on the project or investment to avoid the inherent risk in the projectAvoid The Inherent Risk In The ProjectInherent Risk is the probability of a defect in the financial statement due to error, omission or misstatement identified during a financial audit. Such a risk arises because of certain factors which are beyond the internal control of the more. A Company may decide not to take a project to develop technology because of the new risks the Company may be exposed to. However, in avoiding such risks, the Company may be exposed to the risk of the competitor firm developing such a technology. The Company may lose its clients and business and maybe pose to the threat of being less competitive after the Competitor firm develops the new technology. Thus, avoiding some risks may expose the Company to a different residual risk.

#2 – Risk Reduction

Companies perform a lot of checks and balances in reducing risk. However, such a risk reduction practice may expose the Company to residual risk in the process itself. Consider a production and manufacturing company that has the list of procedures to be performed in the manufacturing line, which checks the risks involved at each stage of the process. However, human or manual errors expose the Company to such risk, which may not be mitigated easily.

#3 – Risk Transfer

Most of the Companies and individuals buy insurance plans from insurance Companies to transfer any kinds of risks to the third party. While buying an insurance plan is the basic tool to mitigate all types of risks, but it too has some amount of residual risks. Suppose a Company buys an insurance scheme on a fire-related disaster. However, the Insurance Company refuses to pay the damage, or the insurance company goes bankrupt due to the high number of claims for other reasons. Thus, risk transfer did not work as was expected while buying the insurance plan.

#4 – Risk Acceptance

After taking all the necessary steps as mentioned above, the investor may be bound to accept a certain amount of risk. This is called risk acceptance, where the investor may neither be able to identify the risk nor can mitigate or transfer the risk but will have to accept it. Also, he will have to pay or incur losses if the risk materializes into losses. Such a risk acceptance is generally in the case of residual risks, or we can say that the risk which is accepted by the investor after taking all the necessary steps is the residual risk.

Steps to Counter Residual Risk

While risk transfer and risk acceptance are the two methods to counter such risk, however, the organizations must follow additional steps as below:

  1. Follow the risk framework to avoid any loss or damages.

  2. Identify governance, risk, and compliance requirements and formulate policy for the same.

  3. Determine the strengths and weaknesses of the risk framework and try to enhance it.

  4. Define the organization’s risk appetiteRisk AppetiteRisk appetite refers to the amount, rate, or percentage of risk that an individual or organization (as determined by the Board of Directors or management) is willing to accept in exchange for its plan, objectives, and more, its capacity to take risks, and resilience to losses in case of an event.

  5. Identify and take necessary action to offset the unacceptable risk.

  6. Buy insurance against losses to transfer the risk.

  7. Lastly, the organization should accept the risk as it is and maintain a resource buffer.

  8. Identify and mitigate all known risks to the Company.


Residual risks are the leftover risks that remain after all the unknown risks have been factored in, countered, or mitigated.  They can also be thought of as the risks that remain after a planned risk framework, and relevant risk controls are put in place. Subtracting the impact of risk controls from the inherent risk in the business (i.e., the risk without any risk controls) is used to calculate residual risk.

This kind of risk can be formally avoided by transferring it to a third-party insurance company. In cases where no insurance is taken against such risks, the Company usually accepts it as a risk to the business. It creates a contingency reserveContingency ReserveThe contingency reserve is a fund set aside for unanticipated causes, future contingent losses, or unforeseen risks. It is not available for dividend distribution and is computed and estimated based on a variety of criteria such as changing industry trends, project cost, new technology more to manage these risks.

Thus, the Company either transfers or accepts residual risk as a part of the going business.

Residual Risk Video

This has been a guide to what is Residual Risk? Here we discuss its formula, residual risk calculations along with practical examples. We also discuss steps to counter residual risks. You may learn more about Risk Management from the following articles –

Reader Interactions


  1. Asd says

    thanks a lot.

Leave a Reply

Your email address will not be published. Required fields are marked *