Your post reminded me of a couple of slides from a risk presentation I gave at an industry conference more than 12 years ago. If they help you in your current quest, wonderful! At a conceptual level the reduction in risk (and those parameters related to acceptable residual risk) form the essential basis of your organizational risk tolerance and risk acceptance level. In most organizations those are very challenging to express in meaningful ways. Best...
------------------------------
L. Beachy
------------------------------
Original Message:
Sent: 07-19-2021 01:53 PM
From: Tricia Patterson
Subject: Financial Risk Assessments - Inherent vs. Residual Risk Ratings
We are working to mature our Vendor Risk Program and begin adding in residual risk in addition to inherent risk. While many of our SME groups can understand this and can look at a vendors controls, documentation, etc. to help determine this, from a financial standpoint, we are struggling to get parameters around this.
Does anyone have feedback or ideas we can share with our finance SME's and help shape this conversation?
Thanks in advance!
Tricia