What is Residual Risk?
Residual risk is the amount of risk that remains in a process after all the risks have been calculated, accounted for, and hedged. An investment or a business process involves many risks, and the entity takes all of them into consideration. It counters, factors in, or eliminates all the known risks of the process. The risks that remain may be due to unknown factors, or to known factors that cannot be hedged or countered; such risks are called residual risks.
Simply put, residual risk is the danger to the business that remains after all the identified risks have been eliminated or mitigated through the Company’s efforts or its internal and risk controls.
Formula to Calculate Residual Risk
The general formula to calculate residual risk is:
Residual Risk = Inherent Risk – Impact of Risk Controls
In the above residual risk formula:
- Inherent risk is the amount of risk that exists when controls or other mitigating factors are not in place. It is also known as the risk before controls or gross risk.
- Impact of risk controls is the amount of risk eliminated, mitigated or hedged by taking internal or external risk controls.
Thus, when the impact of risk controls is subtracted from the inherent risk, the amount that remains is the residual risk.
Let us look at a residual risk example to find out what the residual risk could be for an organisation (in terms of potential loss). Consider a firm that has recently taken up a new project.
Without any risk controls, the firm could lose $ 500 million. However, the firm prepares and follows risk governance guidelines and takes the necessary steps to calculate residual risk and mitigate some of the known risks. After putting internal controls in place, the firm has calculated the impact of risk controls as $ 400 million. This impact is the amount by which the potential loss is reduced by taking control measures.
- Now, inherent risk = $ 500 million
- Impact of risk controls = $ 400 million
- Thus, residual risk = inherent risk – impact of risk controls = 500 – 400 = $ 100 million
Residual Risk Examples
As a residual risk example, consider car seat belts. Initially, without seat belts, there were a lot of deaths and injuries due to accidents. After seat belts were installed in cars and wearing them was made mandatory by law, there was a significant reduction in deaths and injuries. However, accidents still cause injuries and deaths even when the driver wears a seat belt; this is the residual risk. Seat belts have been successful in mitigating the risk, but some risk is still left uncaptured, which is why there are still deaths from accidents.
How Do Companies Try to Mitigate Risks?
Companies deal with risk in four ways. Whichever of these ways the Company uses to mitigate risk, some amount of residual risk is generated. The four ways are described in detail below, with residual risk examples:
#1 – Avoid the Risk
Companies may decide not to take on a project or an investment in order to avoid its inherent risk. A Company may decide not to take on a project to develop a technology because of the new risks it may be exposed to. However, in avoiding such risks the Company may be exposed to the risk of a competitor firm developing that technology. The Company may lose its clients and business and may face the threat of being less competitive after the competitor firm develops the new technology. Thus, avoiding some risks may expose the Company to a different residual risk.
#2 – Risk Reduction
Companies perform a lot of checks and balances to reduce risk. However, such a risk reduction practice may itself expose the Company to residual risk. Consider a production and manufacturing company that has a list of procedures to be performed on the manufacturing line, which check the risks involved at each stage of the process. Even so, human or manual errors expose the Company to a risk that may not be easily mitigated.
#3 – Risk Transfer
Most Companies and individuals buy insurance plans from insurance Companies to transfer risks of any kind to a third party. Although buying an insurance plan is the basic tool to mitigate all types of risks, it too carries some amount of residual risk. Suppose a Company buys an insurance scheme covering fire-related disasters. However, the insurance Company refuses to pay for the damage, or it goes bankrupt due to a high number of claims for other reasons. Thus, risk transfer did not work as was expected when the insurance plan was bought.
#4 – Risk Acceptance
After taking all the necessary steps mentioned above, the investor may still be bound to accept a certain amount of risk. This is called risk acceptance: the investor can neither identify the risk nor mitigate or transfer it, and so has to accept it. The investor will also have to pay or incur losses if the risk materializes. Risk acceptance generally applies to residual risks; in other words, the risk that the investor accepts after taking all the necessary steps is the residual risk.
Steps to Counter Residual Risk
While risk transfer and risk acceptance are the two methods to counter such risk, organisations must also follow the additional steps below:
- Identify and mitigate all known risks to the Company
- Follow a risk framework to avoid any loss or damages
- Identify governance, risk and compliance requirements and formulate policy for the same
- Determine the strengths and weaknesses of the risk framework and try to enhance it
- Define the organization’s risk appetite, its capacity to take risk and its resilience to losses in case of an event
- Identify and take necessary action to offset the unacceptable risk
- Buy insurance against losses to transfer the risk
- Lastly, the organization should accept the risk as it is and maintain a resource buffer
Residual risks are the leftover risks that remain after all the known risks have been factored in, countered or mitigated. They can also be thought of as the risks that remain after a planned risk framework and relevant risk controls are put in place. Residual risk is calculated by subtracting the impact of risk controls from the inherent risk in the business (i.e. the risk without any risk controls).
This kind of risk can be formally avoided by transferring it to a third-party insurance Company. In cases where no insurance is taken against such risks, the Company usually accepts it as a risk to the business and creates a contingency reserve to manage these risks.
Thus, the Company either transfers or accepts residual risk as a part of the going business.