For #1. High Inherent Risk/Low Residual Risk: Financial Risk - maybe the way an insurance company invests their assets could be seen in this category? For example, an insurer could invest a large percentage of its assets in higher yielding assets like equities and real estate, but in reality tries to lower its financial risk by implementing asset liability matching strategy as to guarantee that they will have the assets to pay out future liabilities. They could increase their risk and earn higher yield for their shareholders, but the insurer must ensure that it will remain solvent and meet its liability obligations. An insurance company is not like a hedge fund company in that it won’t take on the high risk investment opportunities; insurers are also governed by strict regulation so this assists in the investment ‘choice’ here.
For #2. High Inherent Risk/High Residual Risk: This one to me is a bit trickier. Maybe something like operational risks would fit into this category? For example, companies try to get employees to complete codes of conduct questionnaires with the hopes of mitigating dishonest and cheating behaviours. But in reality, no matter how much resources a company spends on mitigating this type of risk, humans will be humans, and there will always be someone who will try and take short cuts, and cheat the system to win.
For #3. Low Inherent Risk/Low Residual Risk: Insurance Risk - The way I look at this category for insurance companies is they probably already have a good understanding of mortality/morbidity risk, since it is a fundamental risk of the business. They spend a lot of resources performing experience studies to try and fine tune their estimates of how they think this risk is evolving over time; but in reality, this risk is probably not the one that is going to sink the company if the risk goes completely wrong. This is granted they have a diversified portfolio of policyholders, and reinsurance in place.