Final answer:
Residual risk is the uncertainty that remains after all risk management efforts, indicating the risk that persists despite mitigation strategies. It represents the acceptance of some level of risk due to it being impractical to eliminate all risks entirely. Hence, option C is the correct answer.
Step-by-step explanation:
Residual risk is the amount of uncertainty that remains in a process or system after all risk management efforts have been applied. It represents the risk that continues to exist after all controls and mitigations have been deployed to manage and reduce risks to an acceptable level. For instance, in the context of investments, after implementing strategies to mitigate default risk and interest rate risk, there might still be uncertainties that affect the actual rate of return on an investment compared to the expected rate of return. This could happen due to market volatility or unforeseen events that are not completely avoidable or controllable, which reflects the residual risk.
Basically, residual risk is the risk that an organization has decided to accept because it falls within its threshold for risk tolerance, or it is deemed too costly or impractical to further mitigate to a zero level. It is important for any risk management plan to recognize and account for residual risks, as they can be seen as the gap between the ideal risk-free state and the practical, achievable level of risk after risk management strategies are applied.