In one of my previous blog posts, I discussed all types of risks and risks related terms. In the same blog post, I gave a short brief on secondary risks and residual risks but I did not talk about the strategies to deal with them.
Although I have written another blog post explaining contingency and fall back plans, I see that many people still are not able to connect the link between these concepts.
A few days before on my blog post on contingency plan vs. fall back, a visitor to my blog named Stanaja posted her comment. She was confused with contingency plan and fall back plan. In her comment she said that contingency plan and fallback plan are the same.
She also quoted some text from the PMBOK Guide, which says in case of any occurrence of risks, the response created in fallback or contingency plans can be implemented.
According to her, since the PMBOK Guide says to implement either fallback or contingency plans if any risk occurs, she thought that these two are the same.
In fact, if any identified risk occurs, you will implement the contingency plan, and if this plan fails, you will go for the fallback plan.
Anyway, in this blog post I’m going to explain to you secondary risk and residual risks, and which plan you will use to manage them.
Okay, let’s get started.
As per the PMBOK Guide, a risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective. It is not necessary that a risk should always harm the project; a risk can also have a positive effect on the project.
Risks can be divided into two categories: positive risks (opportunities) and negative risks (threats).
A positive risk brings some positive things to the project; for example, if you buy some project materials in advance or in bulk, you may get some discount. On the other hand, a negative risk has a negative impact on the project; for example, rain may dampen your project’s progress.
Now we come to secondary risks.
As per the PMBOK Guide, secondary risks are those risks which arise as a direct outcome of implementing a risk response. Simply put, you can say that you have identified a risk and created a response plan to manage this risk.
However, if you implement this risk response plan, there is a chance of a new risk.This new risk caused by the response plan is known as the secondary risk.
For example let’s say you excavate a trench to stop passing animals on your agricultural land. However, there is a chance that during night, any traveler passing nearby may fell into the trench.
Secondary risks are also evaluated for their severity. They may or may not need a response plan depending on their impact on the project objective. If the impact is high, you will create a response plan; if it is negligible, you will just keep them on the watch list.
As per the PMBOK Guide, residual risks are those risks which are expected to remain after the planned response of risk has been taken, as well as those that have been deliberately accepted.
For example, let’s say you have identified a risk that there is a chance of rain which may last for one to two hours, and you have created the contingency plan to manage this risk.
Okay, but what if the rain continues to fall for more than two hours?
You will analyze this situation and create a fallback plan for this risk. This is an example of a residual risk.
As a project manager, you will ensure that each residual risk is evaluated properly. If you see that there is no action required, you will keep them on the watch list. However if they require any action, you must reduce the probability or impact of the risk.
Please note, regardless of the type of risk, whether it is a primary risk, secondary risk or a residual risk, if the risk trigger hits, you will implement the response plan. If it is a primary or secondary risk, you will implement the contingency plan; however, if it is a residual risk, you will implement the fallback plan.
However, note that if any of these risks occur, you will use the contingency reserve, not the management reserve. Contingency reserve is used for identified risks and management reserve is used for unidentified risks.
Residual and secondary risks are identified risks and you will create the response for each of them (if required). If any of these risks do not require a response plan, you will keep them on a watchlist for future monitoring. You will use the contingency reserve to manage these risks. Please note again, you will not use the management reserve to manage these risks, because these are identified risks and the management reserve is used to manage unidentified risks.
Here this blog post on residual and secondary risks finishes, if you have something to add with this discussion, you can do that through comments section.