Answer:
The residual risk ranking process in risk management involves assessing and prioritizing the risks that remain after mitigation strategies have been implemented.
Step-by-step explanation:
In the context of risk management, completing the residual risk ranking process typically involves assessing risks that remain after mitigation efforts have been applied. This step is critically important as it acknowledges that even with mitigation strategies in place, some level of risk might still exist. It is an assessment of the risk exposure that persists after the implementation of control measures and risk response plans.
To elaborate using the provided figure 20.1 example: if we apply Plan B to mitigate a threat but some risk remains, the residual risk ranking would be the process of evaluating and prioritizing this leftover risk. The decision whether to accept this residual risk or to take further action is then informed by this process. It moves beyond just identifying potential risks (Plan A) and is essential for maintaining an effective risk management strategy, driving decisions on additional risk controls, and informing the overall risk management plan.