PM Study Circle - A PMP Exam Preparation Blog

PMP Exam Preparation Study Materials, Lessons Learned, 35 Contact Hours, PMP FAQ, etc.

Residual Risks vs Secondary Risks

By 22 Comments

Residual Risks vs Secondary RisksIn one of my previous blog posts, I discussed all types of risks and risks related terms. In the same blog post, I gave a short brief on secondary risks and residual risks but I did not talk about the strategies to deal with them.

Although I have written another blog post explaining contingency and fall back plans, I see that many people still are not able to connect the link between these concepts.

A few days before on my blog post on contingency plan vs. fall back, a visitor to my blog named Stanaja posted her comment. She was confused with contingency plan and fall back plan. In her comment she said that contingency plan and fallback plan are the same.

She also quoted some text from the PMBOK Guide, which says in case of any occurrence of risks, the response created in fallback or contingency plans can be implemented.

According to her, since the PMBOK Guide says to implement either fallback or contingency plans if any risk occurs, she thought that these two are the same.

In fact, if any identified risk occurs, you will implement the contingency plan, and if this plan fails, you will go for the fallback plan.

Anyway, in this blog post I’m going to explain to you secondary risk and residual risks, and which plan you will use to manage them.

Okay, let’s get started.

Risks

As per the PMBOK Guide, a risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective. It is not necessary that a risk should always harm the project; a risk can also have a positive effect on the project.

Risks can be divided into two categories: positive risks (opportunities) and negative risks (threats).

A positive risk brings some positive things to the project; for example, if you buy some project materials in advance or in bulk, you may get some discount. On the other hand, a negative risk has a negative impact on the project; for example, rain may dampen your project’s progress.

Secondary Risks

Now we come to secondary risks.

As per the PMBOK Guide, secondary risks are those risks which arise as a direct outcome of implementing a risk response. Simply put, you can say that you have identified a risk and created a response plan to manage this risk.

However, if you implement this risk response plan, there is a chance of a new risk.This new risk caused by the response plan is known as the secondary risk.

For example let’s say you excavate a trench to stop passing animals on your agricultural land. However, there is a chance that during night, any traveler passing nearby may fell into the trench.

Secondary risks are also evaluated for their severity. They may or may not need a response plan depending on their impact on the project objective. If the impact is high, you will create a response plan; if it is negligible, you will just keep them on the watch list.

Residual Risks

As per the PMBOK Guide, residual risks are those risks which are expected to remain after the planned response of risk has been taken, as well as those that have been deliberately accepted.

For example, let’s say you have identified a risk that there is a chance of rain which may last for one to two hours, and you have created the contingency plan to manage this risk.

Okay, but what if the rain continues to fall for more than two hours?

You will analyze this situation and create a fallback plan for this risk. This is an example of a residual risk.

As a project manager, you will ensure that each residual risk is evaluated properly. If you see that there is no action required, you will keep them on the watch list. However if they require any action, you must reduce the probability or impact of the risk.

Please note, regardless of the type of risk, whether it is a primary risk, secondary risk or a residual risk, if the risk trigger hits, you will implement the response plan. If it is a primary or secondary risk, you will implement the contingency plan; however, if it is a residual risk, you will implement the fallback plan.

However, note that if any of these risks occur, you will use the contingency reserve, not the management reserve. Contingency reserve is used for identified risks and management reserve is used for unidentified risks.

Summary

Residual and secondary risks are identified risks and you will create the response for each of them (if required). If any of these risks do not require a response plan, you will keep them on a watchlist for future monitoring. You will use the contingency reserve to manage these risks. Please note again, you will not use the management reserve to manage these risks, because these are identified risks and the management reserve is used to manage unidentified risks.

Here this blog post on residual and secondary risks finishes, if you have something to add with this discussion, you can do that through comments section.

Share8
Share9
+11
WhatsApp

Comments

  1. Thank you very much Fahad for your explanation . But I confused when can use response plan and contingency plan ??!!

    Reply

      • Fahad,
        Thanks for your blog, I also bought your book the PMP Question Bank and so far, I am averaging approximately 82% (my goal is 85%). Kindly correct me if I am wrong, initially I thought contingency reserves were used for accepted– at least that’s what I think I read in another book-used when a proactive risk approached is being used). Then I realized this is not the case, but it rather applies when basically when using ” risk mitigation” where residual or secondary risks remain or come to existence.

        Is my thought process wrong; kindly assist.

        Btw, do you have other books of questions for the PMP exam, if, I would like to know how to obtain them.

        VR

        Reply

        • Yes. Contingency reserve is used for identified risks. Primary risks, secondary risks, residual risks, these are all identified risks.

          No, I don’t have any other question bank accept the one that you already have with you.

          Good luck on your PMP exam.

          Reply

  2. Please explain the difference b/w fall back plan, work around and contingency plan …all are same ?

    Reply

  4. Fahad – Your study notes which are basically an expert clarification has helped alot to me, i could review it time to time to check my understanding and i cleared my PMP exam with (2 Moderately Proficient and 3 Proficient) in my first attempt.
    You are giving a great service to this community. God bless you.

    Reply

    • Congratulation Nitesh for passing the PMP exam. I’m glad that my blog helped you in your study.

      Reply

  5. Hi

    Residual risk : what is ‘leftover’ after implementing a contingency plan
    Secondary risk: New risk after implementing a contingency plan

    So, if you sub contract out a piece of work to another contractor (transfer), if the contractor go bust, is that a residual risk or secondary risk. For me, it sounds like a secondary risk.

    but if the contractor were to have some delay to its deliverable to your project, it is seen as a residual risk.

    Comments?

    Reply

    • The first case represents a “residual” risk, because the risk impact stays the same (choosing transfer as risk response is mainly to minimize the liability or to address a technical/ expertise gap in the company), so this will stay the same for the 1st case, thus it is a residual risk. As for the 2nd case, it is a secondary risk since the risk impact is different than primary risk impact. In this case, the impact could be delays to project schedule.
      I hope this makes sense

      Reply

  6. Risks that are caused by the response to another risk is Residual or Secondary Risks.

    Iam trying to buy 400pmp exam sample qs . but is not possible. pl let me how we can get it

    Reply

  7. Hi Fahad,
    Thank you for precisely explaining residual and secondary risk in your blog. My question is regarding secondary risk. what is the name of the risk response plan for the secondary risk? For example, we have a contingency plan for primary risk. I am trying to understand is there any such similar response plan available for secondary risk?
    Regards,
    Bala

    Reply

  8. hi all,

    I have some queries on the priorities regards to risk, hope someone can advise me

    q1) when a risk triggered, do we first
    a) inform the stakeholder , or
    b) implement the risk response plan

    q2) when a new risk occur, do we (which is first, second and third)
    a) update in the risk register
    b) analyse the impact
    c) inform the stakeholder

    Reply

    • When the trigger occurs, risk action owner will take the action and implement the risk response plan.

      When any new (un-identified) risk occurs, you will manage it through workaround.

      Reply

  9. Mr. Fahad

    You mentioned in your blog that fall back plan are used for residual risks . But as per what i understand fall back plan are used only if the contingency plan is inadequate to solve the problem.

    Please correct me if i am wrong.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

400 PMP Exam Sample QuestionsTry It Out