What distinguishes inherent risk from residual risk?

Inherent risk refers to the level of risk that exists in the absence of any controls or mitigation measures. It represents the natural exposure to risk that an organization faces due to its operations, processes, and environment. This type of risk is assessed without taking into account any risk management strategies or controls that may be in place.

On the other hand, residual risk is the level of risk that remains after controls have been implemented. It is the risk that an organization is still exposed to despite its efforts to mitigate or reduce potential threats.

Therefore, the distinguishing factor that makes the provided answer accurate is that inherent risk (the baseline risk) is identified prior to any risk management interventions, which allows organizations to understand the risk landscape before they apply any controls to manage that risk. In other words, inherent risk is essentially the starting point for understanding the total risk profile of an organization before any mitigating actions are taken.