Talking about inherent and residual risk

0
197

Dan Roberts recently shared some interesting thoughts on the topic of inherent and residual risk and their relationship with risk appetite.

Please click on the link above and come back here for a discussion.

Dan writes the piece for the internal auditor, but his comments are relevant for all of us.

I am going to quibble with his definitions of inherent and residual risk. I prefer to consider inherent risk as the level of risk should controls fail, and residual risk as the level of risk assuming that controls are working consistently as designed.

In practice, I prefer to talk about the…

Подробнее…