The amount of risk an organization is willing to take on in achieving its business objectives. Used to guide management in the design and implementation of risk management controls to reduce risk severity in alignment with this target residual risk. Actual residual risk should be equal to or less than the target residual risk, however in practice this is not always the case.
Adapted from COSO, 2016.