Managing Secondary and Residual Risks


Managing Secondary and Residual Risks involves identifying, analyzing, and addressing new risks that emerge as a direct result of implementing risk responses. **Secondary risks** are risks that arise as a consequence of implementing a risk response to an initial risk. For example, accelerating a project schedule to mitigate delay risks may increase the risk of errors due to hastened work. **Residual risks** are the risks that remain after risk responses have been executed. These are the leftover exposures that were not entirely eliminated through the response strategies.

Effective management of secondary and residual risks is crucial to ensure that the efforts to mitigate primary risks do not introduce new threats or leave significant vulnerabilities unaddressed. This process begins with the identification of potential secondary and residual risks during the planning of risk responses. Risk managers should use tools like impact analysis and scenario planning to foresee these risks. Once identified, these risks should be evaluated in terms of their probability and impact, just like primary risks. Appropriate response strategies should then be developed and integrated into the overall risk management plan. This may involve developing contingency plans, allocating additional resources, or adjusting project objectives.

Continuous monitoring is essential for managing secondary and residual risks. As the project progresses and risk responses are implemented, the project team should watch vigilantly for any new risks that emerge and assess the effectiveness of the risk responses. This dynamic approach allows for timely modifications to the risk management plan, ensuring that all risks are kept within acceptable thresholds.

In summary, managing secondary and residual risks ensures a comprehensive risk management approach. It acknowledges that risk responses can have unintended consequences and that some risks cannot be entirely eliminated. By proactively addressing these risks, organizations can minimize surprises, optimize resource utilization, and enhance the likelihood of achieving project objectives.

Managing Secondary and Residual Risks in Risk Response Implementation

Understanding Secondary and Residual Risks

Secondary and residual risks are critical components of the risk management process that project managers must effectively handle. This guide explains what these risks are, why they matter, and how to manage them according to PMI-RMP best practices.

What Are Secondary and Residual Risks?

Secondary Risks: These are new risks that arise as a direct result of implementing a risk response strategy. Essentially, they are the "side effects" of your risk treatments.

Example: If you decide to outsource a technical component to address a skill gap risk, you might create a secondary risk of vendor management challenges or communication difficulties.

Residual Risks: These are risks that remain after risk responses have been implemented. They represent the leftover risk exposure that the project must accept.

Example: After implementing security measures to protect sensitive data, a small possibility of a data breach might still exist - this is a residual risk.

Why Managing These Risks Is Important

- Prevents unexpected issues from derailing your project
- Ensures complete risk coverage throughout the project lifecycle
- Helps maintain stakeholder confidence
- Supports informed decision-making about risk acceptance
- Demonstrates comprehensive risk management maturity

How to Manage Secondary and Residual Risks

1. Identification Phase:
- When planning risk responses, proactively identify potential secondary risks
- Document both secondary risks and anticipated residual risks
- Use techniques like expert judgment and brainstorming with the team

2. Analysis Phase:
- Assess the impact and probability of secondary risks
- Determine if the secondary risk outweighs the benefit of the original response
- Evaluate if residual risks are within acceptable thresholds

3. Response Planning:
- Develop appropriate responses for significant secondary risks
- Determine whether to accept, further mitigate, or transfer residual risks
- Document these decisions in the risk register

4. Implementation and Monitoring:
- Track both secondary and residual risks through regular reviews
- Adjust strategies as needed based on changing conditions
- Report status to stakeholders

Best Practices for Managing Secondary and Residual Risks

- Document all identified secondary and residual risks in the risk register
- Consider secondary risks explicitly when evaluating response options
- Establish clear risk tolerance thresholds for residual risks
- Create contingency plans for significant residual risks
- Review and update assessments throughout the project lifecycle

Exam Tips: Answering Questions on Managing Secondary and Residual Risks

1. Understand the Definitions:
- Be clear on the distinction between secondary and residual risks
- Recognize that secondary risks are NEW risks created by responses
- Know that residual risks are what REMAIN after response implementation

2. Process Questions:
- Remember that identifying secondary risks happens during response planning
- Understand that residual risk evaluation occurs after response implementation
- Know that both types should be documented in the risk register

3. Scenario-Based Questions:
- Look for clues indicating a risk is arising FROM a response (secondary)
- Identify language suggesting "remaining" or "still present" risks (residual)
- Consider the project context carefully before selecting answers

4. Priority Questions:
- Remember that high-impact secondary risks might require reconsidering the original response
- Understand that residual risks above tolerance thresholds need additional responses
- Know that some residual risk is acceptable in most projects

5. Communication Questions:
- Recognize that both types of risks should be communicated to stakeholders
- Know that formal acceptance may be required for significant residual risks
- Understand the project manager's responsibility to keep these risks visible

Common Mistakes to Avoid in Exams

- Confusing secondary risks with fallback plans
- Assuming all residual risks must be eliminated
- Thinking secondary risks are always negative (they can occasionally be positive)
- Overlooking the need to reassess risk response strategies when secondary risks are significant
- Failing to recognize when a question is testing your knowledge of these specific risk types

By thoroughly understanding how to manage secondary and residual risks, you'll demonstrate advanced risk management knowledge on the PMI-RMP exam and be better prepared to implement these concepts in real-world projects.
