Residual risk is a risk that remains after Risk Management options have been identified and action plans have been implemented.
It also includes all initially unidentified risks as well as all risks previously identified and evaluated but not designated
for treatment at that time.
It is important for the organizations management and all other decision makers to be well informed about the nature and extent
of the residual risk. For this purpose, residual risks should always be documented and subjected to regular monitor-and-review
procedures.