A risk which it is impossible to manage or
transfer away is said to be an inherent risk.
The risk that exists when no controls have been put in place.
The second definition is used in financial auditing, where it refers to the
risk of a material misstatement of facts prior to (or excluding the possible
effects of) any internal controls. With the ISO standardization of risk management,
its use in business continuity is becoming more frequent.
You are welcome to use these definitions for any purpose provided that an acknowledgement is made
to www.RiskyThinking.com and (if you're using HTML) you provide a link back to this site.
If you are an industry professional, consider subscribing to the free
Risky Thinking Newsletter for articles, insights,
and commentary on risk, business continuity, and security. It's low volume: we don't send
out the newsletter unless there is something interesting to say!