ISO31000 version 2009 defined risk treatment as a process to modify risk. However, the definition of risk treatment have been deleted and replaced with risk control in ISO31000 version 2018. Risk control defined as a measure that maintains and/or modifies risk. Controls include, but are not limited to, any process, policy, device, practice or other conditions and/or actions which maintain and /or modify risk. The modified risk is considered residual risk. Residual risk is a risk that remains after all efforts have been made to mitigate or eliminate risks. Adapted: Ramly, E.F. and Osman, M.S. (2018), Development of Risk Management Framework - Case Studies, Proceedings of the International Conference on Industrial Engineering and Operations Management Paris, France, July 26-27, 2018

In this context define residual risk and discuss the THREE (3) broad categories of risk