Inherent Risk
Inherent Risk is the level of risk a vendor or activity presents before any controls or mitigations are applied.
Why It Matters
In security reviewsInherent risk sets the depth of due diligence required, determining how extensive a questionnaire or assessment a vendor receives.
Workflow Context
Where it shows upAssessed at vendor intake to tier the vendor and scope the security review.
Common Mistakes
What to avoid- Treating inherent risk as a universal term with no workflow context.
Use this as an editorial checkpoint when the term appears in a buyer review, internal workflow, or vendor evaluation.