Inherent risk
Inherent risk refers to any risk present before risk mitigation or controls have been put in place. It can be thought of as the pure risk of any business or endeavor. The inherent risk that a business is exposed to is ultimately determined by many factors, including the business’s industry, maturity, target market, products and services, and any regulations it is subject to.
Frequently asked questions
What is the difference between inherent risk and residual risk?
If inherent risk refers to the risks that pre-date the use of controls, residual risk refers to the risks that remain after controls have been implemented. Ideally, the amount of residual risk is considerably less than the inherent risk, but ultimately depends on the controls.
How can businesses manage inherent risk?
In order to minimize inherent risk, a business must first understand which risks they are exposed to. This is achieved with a thorough and comprehensive risk assessment. Once all possible risks have been identified, they can then be prioritized, and a specific risk mitigation strategy can be put in place for each identified risk.