Glossary definition

Inherent Risk

Inherent Risk is the level of risk a vendor or activity presents before any controls or mitigations are applied.

TPRM & GRC

Why It Matters

In security reviews

Inherent risk sets the depth of due diligence required, determining how extensive a questionnaire or assessment a vendor receives.

Workflow Context

Where it shows up

Assessed at vendor intake to tier the vendor and scope the security review.

Common Mistakes

What to avoid
  1. Treating inherent risk as a universal term with no workflow context.

    Use this as an editorial checkpoint when the term appears in a buyer review, internal workflow, or vendor evaluation.