Activity
A.12 Identification of residual risks
IT Risk Treatment - CGF
Description
Residual risk is a risk that remains after Risk Management options have been identified and action plans have been implemented. It also includes all initially unidentified risks as well as all risks previously identified and evaluated but not designated for treatment at that time.
It is important for the organization's management and all other decision makers to be well informed about the nature and extent of the residual risk. For this purpose, residual risks should always be documented and subjected to regular monitor-and-review procedures.
Organisation
Responsible
Accountable
Consulted
Input/Output