If your organization is responsible for securing the assets of a third party, monitoring residual risk in cyber security is a compliance requirement under ISO 27001. It has to be built into your overall risk assessment process to protect not only your corporate assets but also those of any international vendors and contractors.
The National Institute of Standards and Technology defines a risk assessment as a process "to identify, estimate, and prioritize risk to organizational operations, organizational assets, individuals, other organizations, and the Nation, resulting from the operation and use of information systems."
A full risk assessment includes assessing residual risk, which is essentially calculated by subtracting the effect of risk controls from inherent risk. Once you've assessed residual risk, you can move on to managing it. You have four options: avoid the risk by moving the assets to a controlled area or taking them offline; reduce the risk by adding new controls; use cyber risk insurance to protect yourself if you can't conduct regular audits; or simply accept the risk and take responsibility for an incident.