固有风险

固有风险（Inherent risk）是风险管理中的一个概念，指的是在没有任何风险控制措施的情况下，某一活动或过程所固有的、原始的风险水准。它反映了在引入任何风险缓解措施之前，风险的自然状态^[1]^[2]。另一种解释是，固有风险是在现有控制措施（可能不完整或效果有限）下，风险的实际存在状态^[3]^[4]。

在进行处置，并且增加安全措施之后的风险程度，会称为残余风险（英语：residual risk）。

参考资料

^ Gregory Monahan. Enterprise Risk Management: A Methodology for Achieving Strategic Objectives. John Wiley & Sons. 2008 [2020-06-02]. ISBN 9780470372333. （原始内容存档于2019-12-15）.
^ Rachel Slabotsky. Inherent Risk vs. Residual Risk Explained in 90 Seconds. www.fairinstitute.org. FAIR Institute. 7 September 2017 [10 October 2018]. （原始内容存档于2020-04-02）. Inherent risk represents the amount of risk that exists in the absence of controls.
^ Rachel Slabotsky. Inherent Risk vs. Residual Risk Explained in 90 Seconds. www.fairinstitute.org. FAIR Institute. 7 September 2017 [10 October 2018]. （原始内容存档于2020-04-02）. Inherent risk is current risk level given the existing set of controls rather than the hypothetical notion of an absence of any controls.
^ Jack Jones. Measuring and Managing Information Risk: A FAIR Approach. FAIR Institute.

这是一篇与科技相关的小作品。您可以通过编辑或修订扩充其内容。

[1] Gregory Monahan. Enterprise Risk Management: A Methodology for Achieving Strategic Objectives. John Wiley & Sons. 2008 [2020-06-02]. ISBN 9780470372333. （原始内容存档于2019-12-15）.

[2] Rachel Slabotsky. Inherent Risk vs. Residual Risk Explained in 90 Seconds. www.fairinstitute.org. FAIR Institute. 7 September 2017 [10 October 2018]. （原始内容存档于2020-04-02）. Inherent risk represents the amount of risk that exists in the absence of controls.

[3] Rachel Slabotsky. Inherent Risk vs. Residual Risk Explained in 90 Seconds. www.fairinstitute.org. FAIR Institute. 7 September 2017 [10 October 2018]. （原始内容存档于2020-04-02）. Inherent risk is current risk level given the existing set of controls rather than the hypothetical notion of an absence of any controls.

[4] Jack Jones. Measuring and Managing Information Risk: A FAIR Approach. FAIR Institute.

[1]

[2]

[3]

[4]