Residual Risk vs Secondary Risk
We all face risks on a daily basis. We might panic, or try not to take any overt risks, and even try to avoid them, but risks are inevitable; they eventually find their way into our lives. The same goes for business organizations. A risk is defined as “the exposure to the chance of injury or loss—a hazard or dangerous chance.”
The PMBOK® Guide defines a risk as “An uncertain event or condition that, if it occurs, has a positive or negative effect upon at least one project objective.” A risk does not necessarily always harm a project. A project may also obtain a positive outcome from a risk event. The PMBOK Guide also states that Risk Management is one of the ten knowledge areas where a project manager should be competent.
Project Managers are trained in risk management to ensure that risks are kept to a minimum in their projects. This means project managers need to be able to think outside the box and not take the same route again. Risk Management is “the process of identifying, analyzing, and responding to risk factors throughout the life of a project in the best interest of its objectives.”
What Types of Risks are there?
Aside from the primary risk inherent in any project, activities may also involve secondary and residual risks. Let’s take a look at residual vs. secondary risk.
What are Secondary Risks?
The PMBOK Guide defines secondary risks as “those risks that arise as a direct outcome of implementing a risk response.” In other words, you identify a risk and have a response plan in place to deal with that risk. Once this plan is implemented, the new risk that may arise from the implementation—that’s a secondary risk.
A response plan is created depending on the impact of these risks on a project. A high impact risk will require a response plan, whereas if the risk seems negligible, it will only be watched by managers.
As an example, imagine you are the project manager for a construction project. From past experience, you know that one main risk that you may face is that the sand supplier may not deliver on time. In the risk management plan you create, you have already accounted for this risk. The action you will take if this were to occur could be to procure the sand from a different supplier. A potential risk that you may encounter is that there may be differences in the sand provided by the first and second supplier, which would then be a secondary risk.
What are Residual Risks?
Residual risks are the leftover risks, the minor risks that remain. The PMBOK Guide defines residual risks as “those risks that are expected to remain after the planned response of risk has been taken, as well as those that have been deliberately accepted.”
Residual risks are acceptable to the organization’s risk tolerance level—or, in some cases, a residual risk has no reasonable response. Managers simply accept them the way they are. If it has to happen, it will happen, and there isn’t much you can do about it.
These risks are identified during the process of planning. A contingency reserve is set up to manage risks such as these.
Organizations should address residual risks by:
- Identifying the relevant governance, risk, and compliance requirements.
- Acknowledging existing risks.
- Determine the organization's control framework's strengths and weaknesses
- Define the organization's appetite.
- Plan for appropriate contingencies
For instance, you may have established a risk of rain that may last an hour or two that may disrupt some of your planned meetings. To manage this risk, you have scheduled your other meetings with a buffer of a couple of hours. This way, even if it rains for two hours, your other plans are not disrupted.
This doesn’t eliminate the risk of your schedule going astray; it only lowers the risk. Whatever risk that still remains is termed “residual risk.” As an example, it is possible it pours down all day, which disrupts your subsequent meetings. In this case, the contingency plan (if the risk occurs) could be that you attend the meeting remotely.
This may lead to another risk that your presence during the meeting may not be as effective or impactful had there been no rain and you were present in person, which is a secondary risk.
What’s the difference between Secondary and Residual Risks?
The table below compares and contrasts these risks:
|Secondary Risks||Residual Risks|
|Definition||Those risks which arise as a direct outcome of implementing a risk response||Those risks which are expected to remain after the planned response of risk has been taken, as well as those that have been deliberately accepted|
|Action Required?||Yes||Not always – depends|
|Action to take||Creation of a response plan||A contingency plan|
|Example||Putting out a trap for an animal in your field but a member of the family getting caught in it instead||You end up attending meeting remotely|
Here's the video of our course on Introduction To PMP® Certification Training
Understanding how to identify and manage risk is a part of everyone’s life. For an aspiring project manager, learning how to distinguish and plan for different types of risks will help you more efficiently manage resources and time.
If you are considering working toward your PMP exam, Simplilearn offers a variety of project management courses that will help you pass, including PMI-RMP® Training. Our PMP training courses are conducted by certified, highly experienced professionals.
Simplilearn’s multiple project management training courses and learning paths help project manager candidates get the education they need—not only to pass certification exams, but also real-world knowledge useful for any project management career.
PMBOK is a registered trademark of the Project Management Institute, Inc.
Find our PMP® Certification Online Classroom training classes in top cities:
|PMP® Certification||22 Dec -26 Jan 2019, Weekend batch||Your City||View Details|
|PMP® Certification||6 Jan -21 Jan 2019, Weekdays batch||New York City||View Details|
|PMP® Certification||12 Jan -9 Feb 2019, Weekend batch||Boston||View Details|
Recommended articles for you
PMP® Risk Management Part VI – The Need for Risk Manageme...Article
PMP Risk Management Part VII – Process of Risk Identificat...Article
Categories and Sources of Risk in Your ProjectArticle