Inherent risk is risk based on the fundamental characteristics of the engagement, such as its commodities, regions, departments, criticality, materiality, and outsourcing.
- The Inherent Risk field in the Engagement Summary shows an inherent risk rating based on the answers in the inherent risk screening questionnaire (the second step of the engagement request.)
- The Inherent Risk (Commodity) field in the Engagement Summary shows an inherent risk rating based on the engagement's commodities in the business details questionnaire (the first step of the engagement request.)
Residual risk refers to the risk that remains after all of the risks associated with a supplier or third-party engagement have been identified, assessed, and settled.
- The residual risk for an issue shows in the Residual Risk field in the Issue details area of the issue page. This field only shows a value once the issue severity and probability are set.
- The residual risk for an engagement shows in the Residual Risk field in the Engagement Summary area of the engagement page. This field only shows a value if the engagement has at least one associated issue with a residual risk rating. Otherwise it is blank.