We are developing our Risk Register using the Advisera Templates. We have to mention the values of Consequence and Likelihood after the Risk Treatment i.e. Residual Risk. Will application of a control reduce the “Consequence” as well.
For example “Unauthorized Physical Access to data Center” may have a “High” consequence and “Medium” likelihood. After application of controls like CCTV/Door Lock we can reduce likelihood to “low” but will it reduce the “Consequence” as well.
Even after the control is applied if there is a breach it will have the same Consequences.