Residual risk is the latest term in this weekly feature I first introduced here on Exceptional EA in 2015.
In a previous post, we looked at internal controls, which document practices or procedures designed to help mitigate risks including human error, fraud, conflict of interest (actual, perceived or potential) and more.
Risk is not fully controllable, nor is it something we can entirely eliminate. For this reason, even with a solid system of internal controls, “residual risk” remains. The Government of Canada has described residual risk as the risk level after taking into account both (a) existing controls and (b) any existing risk response. In other words, it’s the risk that remains after leadership has responded to a risk or developed practices to mitigate it.
Example:
As I describe in my cyber awareness presentations, phishing is a very real risk. Even when an organisation implements security systems to detect spam emails and phishing endeavours, employees will still be on the receiving end of phishing attacks. That remaining exposure is the residual risk.
If you’d like to elevate your group’s acumen, and awareness of risk management, I can help. Click here to drop a note to enquire about having me present my Introduction to Risk Management training session for your team or conference.
Why should you turn to this weekly feature? A strong vocabulary can contribute to our career success. Whether you’re conversing with senior colleagues, other stakeholders or your peers, the extent to which you’re familiar with language used around executive tables can impact others’ perceptions of your professionalism and business insights. It’s also helpful to ensure currency with terminology used in meetings you may attend or record.
Check here each Wednesday, or on whatever days you like, for additional words to help maintain or elevate your currency with business terminology. Enter the term “Wednesday’s Words” in the search field any time you visit, and happy reading!
