Risk Acceptance

Risk acceptance is a formal decision by risk management or executive leadership to acknowledge a known risk and take no further action to mitigate it, typically because the cost of mitigation exceeds the expected value of risk reduction, or the residual risk falls within the organization's defined risk tolerance. Risk acceptance must be documented.