A Few Commonly Used Risk Management Terms

September 3, 2020
Fahad Usmani

When we hear the term ‘risk’, potential harm comes to mind. This assumption is not always correct. Sometimes, it can be positive. In modern project management, risk is actively taken into planning consideration.

There are many types of risks and terms related to risk management that often confuse people, and exam takers may make mistakes. Therefore, in this blog post we will discuss the most commonly used risk management terms for your easy reference.

These terms will help you understand the risk management process, and will help you with your PMP and PMI-RMP exams.

The following are the most commonly used risk management terms:

  • Risk
  • Positive Risk
  • Negative Risk
  • Issue
  • Known Risk
  • Unknown Risk
  • Risk Tolerance
  • Risk Threshold
  • Residual Risk
  • Secondary Risk
  • Risk Trigger
  • Risk Owner
  • Risk Action Owner
  • Contingency Reserve
  • Management Reserve
  • Contingency Plan
  • Fallback Plan


Risk

Project risk is an uncertain event that will have a positive or negative effect on one or more project objectives, if it occurs.

Risk is acknowledging that uncertain events may happen. By recognizing them, the project manager can equip themselves and their team to better manage the risk. 

A risk can be either positive or negative. A positive risk is also known as an opportunity and a negative risk as a threat.

Positive Risk

A positive risk is a condition or situation that is favorable to the project and will have a good impact on any of your project objectives if it occurs.

Since these risks positively affect your project, you should try to have them happen. The response strategy for positive risks is to increase the likelihood of the event happening or increase the impact.

For example, let us say that there is a possibility that if you complete your project a few days before the scheduled date, you will get another.

Negative Risk

A negative risk is a condition or situation that is unfavorable to the project and will have a bad impact on one or more of your project objectives, if it occurs.

Negative risks always harm your project; therefore, it is necessary for you to manage them. Your strategy will be to either avert the risk or minimize its chance of happening.

For example, let us say that in your project there is a possibility that some equipment may break due to workload; this is an example of a negative risk, and if this happens, it will hurt your project.


Issue

This is a hot topic or a disputed matter; with an issue, there is disagreement among the project stakeholders. As a project manager, it will be your responsibility to manage issues and note them in a log with their resolution.

Known Risks

Known risks are risks that have been identified.

For example, you know that there is a chance that one of your team members may go on leave during the peak of your project. This is a known risk, and to manage this you make a plan to bring in another identified employee.

You will use the contingency reserve to manage known risks.

Unknown Risks

These are unidentified; they are not known until they happen. You cannot make a response plan for these risks and you cannot manage them proactively.

Unknown risks are managed through workarounds; to manage these kinds of risks, you will use the management reserve.

Risk Tolerance

Risk tolerance is about the sensitivity of stakeholders or organizations towards risks.

High tolerance means people are willing to take risks, while low tolerance means people are not willing to take a high risk unless the benefit of taking the risk outweighs the fear.

Tolerance is shown in limits.

For example, a 5% cost overrun is acceptable for an organization, but anything above that is not.

Risk Threshold

This is the amount of risk that an organization or individual is willing to accept.

The risk threshold is usually a definitive figure.

For example, your organization allows you a cost overrun of 10,000 USD, but anything more than that is not acceptable.

The risk threshold is a further step in risk tolerance. In other words, you can say that it quantifies the risk tolerance with a more precise figure.

Residual Risks

These are risks that are expected to remain after implementing the planned risk response, as well as those that are deliberately accepted.

For example, let us say you are constructing a building in an earthquake-prone zone. You design the building by assuming the highest magnitude of earthquake that can happen is 6 on the Richter Scale. However, what if an earthquake with a greater magnitude occurs?

In this scenario, the building might collapse.

This is an example of a residual risk.

Secondary Risks

Secondary risks are those that arise as a direct outcome of implementing the response of an identified risk.

For instance, assume you are constructing a building and for security reasons you installed electrical wire at the top of the boundary wall. But what will happen if someone accidentally touches the electrical wire, or the electricity passes through the wet wall during a storm?

They will get an electric shock.

This is an example of a secondary risk.

Risk Triggers

These are indications that a risk has occurred or is about to. Risk triggers are sometimes called warning signs or risk symptoms.

For example, cloud movement can be a risk trigger for rainfall.

Risk Owner

This is a project team member who is assigned the responsibility of ensuring that the risk response is effective and of planning additional risk responses if required.

Generally, the risk owner and risk action owner are the same person in a small or medium-sized project. However, if the project is large and complex, you can assign a separate risk action owner.

The responsibility of the risk owner is to manage risks assigned and update the project manager on a regular basis.

You can assign a single risk to one owner or many risks to one owner depending on the situation, requirements, and the capabilities of the team member.

Risk Action Owner

Usually, you will assign a risk action owner if you have a large project where it is difficult for the risk owner to manage the risk on their own and they need a helping hand.

The risk action owner helps the risk owner manage the risk. The responsibility of a risk action owner is to ensure that the agreed-upon risk responses are carried out as planned.

Contingency Reserve

A contingency reserve is a calculated reserve used to manage identified risks.

This is a part of the cost baseline and a project manager does not need any approval to use this reserve.

Management Reserve

A management reserve is created by expert judgement based on the project’s complexity and uncertainty. Usually, it is a percentage of the cost baseline, for example, 5% or 10%.

The management reserve is part of the project budget and a project manager needs management’s approval to use this reserve.

The management reserve is used for unidentified risks.

Contingency Plan

A contingency plan is for managing identified risks. 

The contingency plan uses the contingency reserve.

Fallback Plan

This is also used to manage identified risks. You will use this plan when your contingency plan proves ineffective or fails; it’s a fallback.

You will use the contingency reserve for the fallback plan.


In this blog post, I have tried to cover a few commonly used risk management terms. If you understand them well, I believe solving questions from the risk management knowledge area will be easy for you on your PMP and PMI-RMP certification exams. If you feel there are any other important terms that should be added to the list, let me know through the comments section, and I will consider adding those terms here.


Speak Your Mind

  • Hi Fahad,

    According to PMBOK

    Residual Risk – are remaining risks which are left after risk response has been implemented.
    Secondary Risk – are the risks which arise after the risk response has been implemented.

  • Thanks for such good and clear knowledge, especially for someone new like me… Would you please brief us on Progressive Elaboration?


  • Salam

    Your explanation is interesting, with an efficient way and grateful examples.
    This blog really helps me to understand the meaning of the terms and clarify some gaps.

  • Hi Fahad,
    Thank you for your wonderful blogs. Can you answer the following question?

    Since you had indicated that unavailability of resources was a risk on your project, you had a contingency strategy in place that allowed for a temporary staff augmentation. Management signed off on this approach. This risk was realized and you implemented the contingency plan, however the new staff may take longer to get up to speed in the environment than originally thought. What does this new situation describe?
    A. Residual risk
    B. Risk trigger
    C. Secondary risk
    D. Passive risk response

    I thought the answer would be A, but the site where I found this question indicates the answer is C. How do you explain that?

    Thank you.

    • Residual risk remains after applying the risk response plan. This is an example of secondary risk because once you bring in any new member he may take some time to get along. This is the risk which came into effect due to implementing the response to the primary risk.

  • How does risk affect the quality and scope of a project? Please explain with examples.
    Jazak Allah Khair

    • It is a project manager’s responsibility to maintain the high quality of the product; however, a risk may lead to a trade-off which should be in agreement with the client and documented.

      For the scope, let’s say your competitor has launched a product before you and therefore you also have to launch it earlier. In this case you may need to cut something from the scope to launch the product earlier.

  • Thanks a lot, your blog is brilliant. It collects the items that make me confused. I’m using it now as a final review for my exam.

  • BTW, this also applies to positive risks,

    Organizations set impact thresholds to go ahead and Enhance / Share the positive risks to bring benefits to the organisation.

  • Fahad , I need clarification on Risk Tolerance and Risk Threshold.

    Risk Tolerance – Degree or level up to which risk is acceptable.

    Risk Threshold – A specific point at which risk is unacceptable.

    • Risk tolerance tells us about the sensitivity of stakeholders.

      Risk Threshold is an amount of money that an organization is willing to accept, for example your organization says that for a particular project a $20,000 USD cost overrun is acceptable to them.

      • Another way of thinking about the difference is that while tolerance is subjective, threshold is objective. For example, I can be a risk-taker for person X but not for person Y. However, my risk threshold remains constant for both X and Y.

        • Hi Sumeet, ( and Anish)

          Your reply is more aligned to risk attitude than risk tolerance / risk threshold.

          Even though both are next to each other, there is a subtle difference. Tolerance is the ability to stretch yourself. You would not take an AVOID approach to handle the risk. You would have well-defined MITIGATE / TRANSFER steps to handle it.

          Thresholds address step 2 in this case, where the organization stresses itself to pull down the impact to a level below the threshold.

  • Dear Fahad,

    I have a little confusion about residual risk and secondary risk. Since these two kinds occur after some primary risk, do we consider these risks at the planning stage under known unknowns? How do we do the response plan for these types?
    Please clarify.

  • Fahad,

    I was answering a question and came across “non-linear probability impact scales for Risk assessment”. I couldn’t find any information on this. Do you know anything about this? The answer had the following description:

    “Use of non-linear values implies the organization wishes to avoid high-impact threats or exploit high-impact opportunities even if they have relatively low probability. In using non linear values, it is important to understand what each of the numbers mean, their relationship to one another, how they were derived, and the effect they may have on different objectives of the project.”

    I could not understand the meaning of it. Can you provide some insight on this?

    • After reading the given explanation, I think that the “non-linear probability impact scales for Risk assessment” is used in such cases where the probability of a particular event happening is very low. However, if it happens then the loss is enormous and the concerned organization wants to avoid this possible loss in any case.

      For example, let’s say that the chance of tsunami at particular place is very low, but if the tsunami comes, losses are very huge.

      Since it involves very complex calculation, each parameter should be checked very thoroughly to avoid any possible error or human bias.
