Community//

Inherent and Residual Business Continuity Risks

As the face of business continuity, security and compliance planning has changed with the new decade, so has the nature of the disruptive risks and vulnerabilities it strives to mitigate. For newer businesses or organizations first undertaking security and continuity planning, this refers to having a strong understanding of prevailing continuity, security & compliance trends, […]

The Thrive Global Community welcomes voices from many spheres on our open platform. We publish pieces as written by outside contributors with a wide range of opinions, which don’t necessarily reflect our own. Community stories are not commissioned by our editorial team and must meet our guidelines prior to being published.

As the face of business continuity, security and compliance planning has changed with the new decade, so has the nature of the disruptive risks and vulnerabilities it strives to mitigate. For newer businesses or organizations first undertaking security and continuity planning, this refers to having a strong understanding of prevailing continuity, security & compliance trends, but it also hinges on understanding the various definitions of “risk.”

This notion in mind, one common mistake in planning is misconstruing inherent risk with residual risk. Businesses must be able to distinguish — and diligently prepare for — both types of risk if they hope to maintain a stable and secure corporate environment; thus promoting a culture of stability and control.

Inherent risk

Inherent risk is commonly defined as “the level of risk in place in order to achieve an entity’s objectives and before actions are taken to alter the risk’s impact or likelihood.” In other words, this risk is naturally part of the business’s atmosphere, and, without intervention, it could yield damaging infrastructural results, stunt business progress towards goals, and even put employees at risk. This is the type of risk that I fondly liken to my years of working for the District of Columbia governments when I found myself hearing “That’s how we’ve always done it here” when identifying an inefficient and potentially dangerous policy and/or procedure.

Therefore, inherent risks should be identified as soon as possible to expose crucial loopholes in existing protocols. It is key to note that every workplace’s inherent risk will be a little bit different, so self-assessment and continuous evaluation is vital in laying an effective framework for improvement.

Residual risk

In contrast to my experience in D.C. (and New York before and Pennsylvania thereafter), Tennessee’s State Government points to a water filter metaphor to illustrate the difference between inherent and residual risk; the water flowing into the filter represents the former — or the aforementioned risks that are naturally occurring without intervention — while residual risk is represented by the occasional small impurities that pass through the filter without change.

Thus, while inherent risk assessment will help organizations identify and dissect broad risks jeopardizing key objectives; these efforts will almost always produce residual risks. In some cases, these residual pitfalls are overlooked or outright ignored in favor of lower hanging fruit objectives, leaving businesses potentially exposed to being blindsided. However, residual risk can also “serve as justification for the time and resources required to support a business’s recovery needs.”

Regardless of the risk in question, it is imperative that businesses invest proper time and resources in comprehensive risk management, considering a variety of risk scenarios and best practices from other organizations/industries in their entirety.

    Share your comments below. Please read our commenting guidelines before posting. If you have a concern about a comment, report it here.

    You might also like...

    Community//

    Is Crypto Exchange Risk Free?

    by Breana Patel
    Community//

    “Find something beautiful.” With Charlie Katz & Gunjan Sinha

    by Charlie Katz
    Community//

    Key Tips to Innovate your Business for the ‘New Normal’

    by Craig Dempsey
    We use cookies on our site to give you the best experience possible. By continuing to browse the site, you agree to this use. For more information on how we use cookies, see our Privacy Policy.