
How can we obtain the inherent risk and residual risk for our organization?

After identifying the compliance risks and identifying and evaluating the organization's controls, it is necessary to move on to the next phases of the risk management process, that is, the analysis and evaluation of those risks.

The main objective of risk management is to have information that allows us to make decisions regarding the treatment of risks, that is, deciding in each case whether to act or not, what type of action we should carry out, with what urgency or priority we should act, etc.

To do this, we must estimate, for each risk scenario, what the inherent risk is and what the residual risk associated with it is.

Now, what is inherent risk? The inherent risk (or gross risk) is the risk that arises from the nature of the organization's activity, that is, the intrinsic risk of its different activities and business areas, without taking into account the control mechanisms that exist.

The inherent risk is obtained by combining the impact and the probability associated with the compliance risk:

  • The impact refers to the consequences (economic, financial, patrimonial, reputational, etc.) that would occur if the risk event were to materialize.
  • The probability is the theoretical expectation that the risk will materialize, without considering the mitigating measures existing in the organization and taking into account exclusively its characteristics and context, for example: the economic sector in which it operates, the activities it carries out, the geographical areas in which it operates, its size and other characteristics.
Inherent risk and residual risk

Given the inherent risk, we then ask ourselves, what is residual risk? The residual risk (or net risk) can be defined as the risk that the organization assumes or accepts after implementing and executing the relevant control mechanisms and prevention measures. It could be stated that the residual risk is the extent of the risk that remains after considering the mitigating effect that the control environment exerts on the organization's compliance risks. In other words, the residual risk is measured by crossing the inherent risk with the effectiveness of the control mechanisms assigned to each risk scenario.

Obtaining the residual risk is an important consideration, since this risk is used, among other things, to determine whether the existing controls in the organization are sufficiently robust and effective, and whether they are proportionate to the level of inherent risk. Furthermore, residual risk is the risk that the organization assumes and, therefore, must necessarily be known and accepted by its administrative and management bodies.
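As an added illustration (not part of the original post), the following Python script scores a small compliance risk register the way the article describes: inherent risk from impact and probability, residual risk from inherent risk crossed with control effectiveness. The 1-5 scales, the rating bands, the effectiveness model and the four scenarios are assumptions constructed for this example, not figures from the author.

```python
from dataclasses import dataclass

# Assumed scales (not from the article): impact and probability are 1-5 ordinal
# scores, so inherent risk lies on a 1-25 scale; control effectiveness is the
# fraction (0.0-1.0) of the inherent risk that the assigned controls remove.

@dataclass
class RiskScenario:
    name: str
    impact: int                   # 1 (negligible) .. 5 (critical)
    probability: int              # 1 (rare) .. 5 (almost certain)
    control_effectiveness: float  # 0.0 (no controls) .. 1.0 (fully mitigating)

def inherent_risk(s: RiskScenario) -> int:
    """Gross risk: impact crossed with probability, ignoring controls."""
    if not (1 <= s.impact <= 5 and 1 <= s.probability <= 5):
        raise ValueError(f"{s.name}: impact and probability must be 1..5")
    return s.impact * s.probability

def residual_risk(s: RiskScenario) -> float:
    """Net risk: inherent risk reduced by the effectiveness of its controls."""
    if not 0.0 <= s.control_effectiveness <= 1.0:
        raise ValueError(f"{s.name}: control effectiveness must be 0..1")
    return inherent_risk(s) * (1.0 - s.control_effectiveness)

def rating(score: float) -> str:
    """Assumed rating bands on the 1-25 scale used to prioritize treatment."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"

def treatment_priority(register: list[RiskScenario]) -> list[dict]:
    """Rank scenarios by residual risk; flag where controls leave work to do."""
    rows = []
    for s in register:
        inh, res = inherent_risk(s), residual_risk(s)
        rows.append({"name": s.name, "inherent": inh, "residual": res,
                     "inherent_rating": rating(inh), "residual_rating": rating(res),
                     "needs_action": rating(res) != "Low"})
    return sorted(rows, key=lambda r: r["residual"], reverse=True)

# Constructed sample register (hypothetical scenarios and scores).
REGISTER = [
    RiskScenario("Bribery in public tenders", 5, 4, 0.60),
    RiskScenario("Late regulatory filing", 3, 3, 0.50),
    RiskScenario("Personal data breach", 4, 4, 0.75),
    RiskScenario("Conflict of interest not disclosed", 3, 5, 0.00),
]
```

Running `treatment_priority(REGISTER)` lists the undisclosed conflict of interest first: with no controls its residual risk equals its inherent risk, which is exactly the case the article says management must explicitly know and accept.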

Maria Torres

Compliance Coordinator at Management Solutions
