What type of risk results from inadequate controls failing to mitigate potential threats?

The appropriate choice in this scenario is Control Risk. Control Risk specifically refers to the risk that a company's internal controls may fail to prevent or detect errors or irregularities, thus allowing potential threats to manifest. This type of risk emphasizes the effectiveness of the controls in place, highlighting the possibility that controls may not be strong enough to mitigate identified threats adequately.

Inherent Risk relates to the level of risk that exists in the absence of any controls. It addresses the natural susceptibility of a given activity, asset, or system to risk, independent of any safeguards or policies. Thus, it does not directly indicate the failure of existing controls.

Residual Risk, on the other hand, is the amount of risk that remains after controls have been implemented. It is the leftover risk that the organization still faces, despite having put controls in place to mitigate initial threats. This type of risk assumes that some level of risk is acceptable and will persist even with controls.

By identifying Control Risk as the answer, we focus specifically on the potential for inadequate controls to result in vulnerabilities, which is the essence of the question presented.