固有风险(Inherent risk)是风险管理中的一个概念,指的是在没有任何风险控制措施的情况下,某一活动或过程所固有的、原始的风险水准。它反映了在引入任何风险缓解措施之前,风险的自然状态[1][2]。另一种解释是,固有风险是在现有控制措施(可能不完整或效果有限)下,风险的实际存在状态[3][4]

在进行处置,并且增加安全措施之后的风险程度,会称为残馀风险英语residual risk

参考资料

编辑
  1. ^ Gregory Monahan. Enterprise Risk Management: A Methodology for Achieving Strategic Objectives. John Wiley & Sons. 2008 [2020-06-02]. ISBN 9780470372333. (原始内容存档于2019-12-15). 
  2. ^ Rachel Slabotsky. Inherent Risk vs. Residual Risk Explained in 90 Seconds. www.fairinstitute.org. FAIR Institute. 7 September 2017 [10 October 2018]. (原始内容存档于2020-04-02). Inherent risk represents the amount of risk that exists in the absence of controls. 
  3. ^ Rachel Slabotsky. Inherent Risk vs. Residual Risk Explained in 90 Seconds. www.fairinstitute.org. FAIR Institute. 7 September 2017 [10 October 2018]. (原始内容存档于2020-04-02). Inherent risk is current risk level given the existing set of controls rather than the hypothetical notion of an absence of any controls. 
  4. ^ Jack Jones. Measuring and Managing Information Risk: A FAIR Approach. FAIR Institute.