Residual Risk denotes the risks remaining after a certain Risk Mitigation strategy has been pursued in the context of Risk Management. The level of risk remaining after all cost-effective actions have been taken to lessen the impact, probability and consequences of a specific risk or group of risks, subject to an organization's Risk Appetite. The risk that remains in unmanaged form, even when effective risk reduction measures are in place.
The precise nature of residual risks depends on the type of both underlying risk and mitigation / hedging activity.
Depending on the nature of the managed risk, the presence of residual risk implies a continuing need to develop and support effective capacities for risk management, emergency services, preparedness, response and recovery, Risk Transfer mechanisms, as part of a Holistic risk management approach.