Please feel free to contact me anytime to share your thoughts: +1 612.357.1544 (cell), +1 952.567.6215 (direct), gerry.zack@corporatecompliance.org.
I’ve had several conversations in recent years about the concepts of inherent risk and residual risk: terms that are sometimes used in connection with enterprise risk management and the performance of compliance risk assessments. Inherent risk is to be assessed based on the level of risk that exists before the application of any internal controls, while residual risk is after considering the effectiveness of those controls.