Back to Risk Response Planning

Managing Residual and Secondary Risks

5 minutes 5 Questions

Managing residual and secondary risks is an essential concept in Risk Response Planning that ensures comprehensive risk management. Residual risks are those that remain after risk responses have been implemented, while secondary risks are new risks that emerge as a direct result of implementing a risk response. Recognizing and planning for these risks is crucial to avoid unexpected setbacks during project execution. Residual risks acknowledge that no risk response can entirely eliminate a risk, especially in complex projects. Thus, it's important to identify what level of risk remains and assess its potential impact. This involves reevaluating the risk in light of the response measures and determining if additional actions are required. For instance, after implementing a mitigation strategy for a technical risk, there may still be a small chance of failure that needs monitoring. Secondary risks arise because actions taken to address one risk may create new risks. For example, outsourcing a component to mitigate cost risks might introduce risks related to quality control or communication challenges. Identifying secondary risks requires careful analysis of the potential side effects of risk responses. It is important to include these risks in the risk register and develop appropriate response plans for them. Effective management of residual and secondary risks involves updating risk management documentation and communicating changes to all stakeholders. It ensures that the risk management plan remains dynamic and responsive to new developments. Regular risk reviews and audits can help in identifying these risks early and adjusting plans accordingly. Allocating resources to monitor and control residual and secondary risks is also vital. This might include setting aside contingency reserves or scheduling periodic risk assessments. By proactively managing these risks, project managers can minimize their impact and avoid compounding issues that could jeopardize project success. In conclusion, managing residual and secondary risks is about acknowledging that risk management is an ongoing process. It requires continuous attention to the evolving risk landscape of a project. By doing so, project teams can maintain control over the project’s direction and outcomes, even in the face of new and persisting challenges.

Managing Residual and Secondary Risks: A Comprehensive Guide

Understanding Residual and Secondary Risks in Project Risk Management

In the PMI-RMP certification realm, managing residual and secondary risks represents a critical aspect of comprehensive risk management. This guide explores these concepts in depth, their importance, and provides strategies for handling exam questions effectively.

What Are Residual and Secondary Risks?

Residual Risks are those risks that remain after risk responses have been implemented. Even after applying risk response strategies, some level of risk exposure typically remains. These leftover risks must be documented and monitored throughout the project lifecycle.

Secondary Risks are new risks that arise as a direct result of implementing a risk response. For example, if you decide to outsource a component to mitigate a technical risk, you might create new risks related to vendor management or integration challenges.

Why Managing These Risks Is Important

1. Complete Risk Coverage: Addressing only primary risks leaves the project vulnerable to residual and secondary risks that could impact objectives.

2. Continuous Risk Management: Understanding these risks reinforces that risk management is an ongoing process, not a one-time activity.

3. Realistic Risk Planning: It acknowledges that risk responses may not completely eliminate risks and may generate new ones.

4. Project Success: Proper management of these risks significantly increases project success rates by addressing the full spectrum of potential issues.

How to Manage Residual and Secondary Risks

1. Identification:
- For residual risks: Evaluate the effectiveness of risk responses and determine remaining risk exposure
- For secondary risks: Perform "what-if" analyses on each planned risk response

2. Documentation:
- Update the risk register with both residual and secondary risks
- Include detailed descriptions, triggers, and potential impacts

3. Assessment:
- Evaluate the probability and impact of these risks
- Prioritize them based on their risk scores

4. Response Planning:
- Develop specific response strategies for significant residual and secondary risks
- Consider contingency reserves for these risks

5. Monitoring:
- Track identified residual and secondary risks
- Assess the effectiveness of responses during project execution

Exam Tips: Answering Questions on Managing Residual and Secondary Risks

1. Distinguish Between Terms:
- Be clear about the differences between residual risks (remaining after response) and secondary risks (created by response)
- Remember that fallback plans address residual risks if the primary response fails

2. Response Mechanisms:
- Understand that contingency plans are for identified risks (including secondary risks)
- Recognize when scenarios suggest accepting, transferring, mitigating, or avoiding residual and secondary risks

3. Process Knowledge:
- Know that residual and secondary risks should be documented in the risk register
- Identify when a scenario involves creating secondary risks

4. Scenario Analysis:
- In scenario questions, look for clues that indicate whether the question addresses a primary risk, residual risk, or secondary risk
- Pay attention to risk response consequences

5. Conceptual Application:
- Apply the concept that every risk response may generate secondary risks
- Understand that residual risks often require additional monitoring rather than active response

Key Recall Points for the Exam

- Residual risks: Always present after implementing risk responses
- Secondary risks: Generated by implementing risk responses
- Both types must be documented in the risk register
- Both should undergo qualitative and quantitative analysis as appropriate
- Both may require specific risk response strategies
- Contingency reserves may be needed for both types
- Both require monitoring throughout the project lifecycle

Practice Question Strategies

When facing questions about residual and secondary risks:

1. Analyze the scenario to determine if it describes:
- A risk remaining after response (residual)
- A new risk created by a response (secondary)

2. Consider the appropriate management approach based on this determination

3. Remember that both types follow the same risk management process steps as primary risks

4. Focus on the need to document, assess, respond to, and monitor these risks

By thoroughly understanding how to manage residual and secondary risks, you demonstrate a comprehensive grasp of the risk management process that the PMI-RMP exam evaluates.

Test mode:
Start practice test
PMI-RMP - Risk Response Planning Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

When a project team identifies that a risk response has created a new potential threat, this new risk should be classified as:

Correct Answer: A secondary risk that requires additional analysis and response planning

A new risk that emerges as a result of implementing a risk response is classified as a secondary risk. Secondary risks are potential threats or opportunities that arise as a direct result of implementing a risk response strategy. These risks need further analysis and planning to manage their potential impacts on the project. Residual risks are those that remain after risk responses are implemented, not new risks from responses. Triggered risks are those that have actually occurred and require the execution of planned responses, not new risks from response actions. Cascading risks refer to a chain reaction of risks, but this is not the correct term for risks that emerge specifically from implementing risk responses.

Question 2

Which statement best describes the management of residual risks in a project?

Correct Answer: These are risks that remain active after planned responses have been implemented

Residual risks are those that continue to exist after all planned risk responses have been implemented. These risks have been actively identified and assessed, but the organization has decided to accept them, either because the cost of further mitigation would exceed the potential benefits, or because some risks simply cannot be eliminated entirely. Here's why other options are incorrect: The option about secondary risks is incorrect because secondary risks are new risks that arise as a direct result of implementing a risk response. They are different from residual risks. The option about fully mitigated risks is incorrect because residual risks, by definition, are NOT fully mitigated - they still exist after response implementation. The option about unplanned consequences is incorrect because this describes unintended side effects of risk responses, not residual risks. These would be more accurately categorized as secondary risks or emergent risks.

Question 3

In the process of managing secondary and residual risks, what is the recommended approach when a risk response strategy appears to be less effective than initially planned?

Correct Answer: Revise the risk response strategy and update the risk register

The best approach when a risk response strategy is less effective than planned is to revise the strategy and update the risk register. Here's why: A key principle of risk management is continuous monitoring and adaptation. When a strategy isn't working as intended, the proper response is to: 1. Evaluate why it's not effective 2. Develop improvements to the strategy 3. Document the changes in the risk register 4. Implement the revised approach Why other approaches are incorrect: Documenting and proceeding anyway fails to address the underlying problem and could lead to increased project risks. Continuing with an ineffective strategy while only monitoring it is passive and could allow risks to escalate unnecessarily. Escalating to senior management should not be the first response - project managers should first attempt to address issues at their level through strategy revision.

Go Premium

PMI Risk Management Professional Preparation Package (2025)

  • 3223 Superior-grade PMI Risk Management Professional practice questions.
  • Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
  • Unlock Effortless PMI-RMP preparation: 5 full exams.
  • 100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
  • Bonus: If you upgrade now you get upgraded access to all courses
  • Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!
More Managing Residual and Secondary Risks questions
12 questions (total)
Start 12 question test