Secondary Risks and Residual Risks
Secondary risks are new risks that arise as a direct result of implementing a risk response. Residual risks are risks that remain after planned responses have been implemented, including minor risks that were deliberately accepted.
Explanation
When a risk response is executed, it may inadvertently create new risks. These new risks, called secondary risks, must be identified, analyzed, and managed just like any primary risk. For example, if the team transfers a risk by outsourcing a component to a vendor, a secondary risk might emerge: the vendor may not meet quality standards. This secondary risk needs its own response strategy.
Residual risks are the risks that persist after all planned responses have been applied. No risk response eliminates all exposure entirely (except avoidance, which eliminates the specific risk). Mitigation reduces probability or impact, but some level of risk remains. This residual risk should be documented, communicated to stakeholders, and may require contingency reserves.
Both secondary and residual risks must be recorded in the risk register and monitored throughout the project. They should go through the same qualitative and quantitative analysis processes as primary risks. Failure to account for secondary and residual risks can lead to underestimating the project's true risk exposure.
Key Points
- •Secondary risks arise from implementing a risk response
- •Residual risks remain after planned responses are executed
- •Both must be documented in the risk register and managed like primary risks
- •Contingency reserves may be needed for accepted residual risks
Exam Tip
A classic exam question: "A new risk emerged after implementing a response." This is a secondary risk. Know the difference between secondary (caused by the response) and residual (remaining after the response).
Frequently Asked Questions
Related Topics
Mitigate (Risk Strategy)
Mitigate is a threat response strategy that reduces the probability of occurrence and/or the impact of a threat to within acceptable limits. The risk is not eliminated but brought to a manageable level.
Plan Risk Responses
Plan Risk Responses is the process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure and to treat individual project risks.
Monitor Risks
Monitor Risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.
Risk Register
The risk register is a project document that records the details of individual project risks, including their identification, analysis results, response plans, and current status.
Most-studied PMP concepts
High-yield topics our learners drill most before exam day.
Risk Register
The risk register is a project document that records the details of individual project risks, including their identification, analysis results, response plans, and current status.
Transfer (Risk Strategy)
Transfer is a threat response strategy that shifts the negative impact and ownership of a threat to a third party. The risk is not eliminated but the responsibility for managing it moves to another entity.
Burndown Chart
A Burndown Chart is a graphical representation of work remaining versus time in a Sprint or release, showing whether the team is on track to complete the planned work.
Resource Leveling
Resource leveling is a resource optimization technique in which adjustments are made to the project schedule to keep resource usage at or below a defined limit, often resulting in a longer project duration.
Stakeholder Mapping
Stakeholder mapping is the visual representation of stakeholder relationships, influence, interest, or other attributes using grids, matrices, or diagrams to support analysis and engagement planning.
Relative Estimation
Relative Estimation is an agile technique where work items are sized in comparison to each other rather than in absolute units like hours or days, providing faster and more accurate estimates.
Cost Performance Index (CPI)
Cost Performance Index (CPI) is an EVM efficiency metric that measures cost performance as the ratio of earned value to actual cost: CPI = EV / AC.
Schedule Performance Index (SPI)
Schedule Performance Index (SPI) is an EVM efficiency metric that measures schedule performance as the ratio of earned value to planned value: SPI = EV / PV.
Earned Value Management (EVM)
Earned Value Management (EVM) is a methodology that integrates scope, schedule, and cost data to assess project performance and progress objectively.
Part of
Risk Management
Test your knowledge
Practice scenario-based questions on this topic with detailed explanations.