Today we will discuss residual risks vs secondary risks.
I have explained the residual risk and secondary risk in my post on the type of risk. But I have seen many professionals have issues with understanding these two.
Let’s look at both risk management concepts in detail
Residual Risks Vs Secondary Risks
Many professionals think residual and secondary risks are unknown risks and that we use a fallback plan and management reserve if they occur.
Please understand this: residual and secondary risks are identified risks. You will carry out the contingency plan if any identified risk occurs, then apply the fallback plan if the contingency plan fails.
In both cases, you will use the contingency reserve because it is for identified risks. Management reserves are for unidentified risks.
Let’s dive deeper.
Residual Risks
You have identified risks and developed a response plan. However, when this does not completely remove the risk, the remainder is called residual risk.
According to the PMBOK Guide, “residual risks are those risks that are expected to remain after the planned responses of risks have been taken, as well as those that have been deliberately accepted.”
Example of a Residual Risk
Let’s say you have identified that it may rain for one to two hours. Therefore, you have created a contingency plan to manage this risk.
But, what happens if the rain falls for over two hours?
You have to develop a fallback plan.
This is an example of residual risk.
As a project manager, you must evaluate residual risks properly. If it is a low priority, keep it on the watch list. You will develop a risk response plan to mitigate the impact of high-priority risk.
Please note that for all risks, if the trigger hits, you will implement the response plan. This plan can be a contingency or a fallback plan.
You will implement the contingency plan for a primary or secondary risk and the fallback plan for residual risk.
You will use the contingency reserve if these risks occur, not the management reserve. The contingency reserve is for identified risks, and the management reserve is for unidentified risks.
Secondary Risks
A risk is an uncertain event that can affect your project objectives.
You will develop a risk response plan to manage it. Often, this response can create a new risk, a secondary risk.
According to the PMBOK Guide, “Secondary risks are those risks that arise as a direct result of implementing a risk response.”
Simply put, your response plan for risk caused a new risk. The new risk is known as a secondary risk.
Example of Secondary Risks
Let’s say you have excavated a trench to stop animals. However, it’s possible that pedestrians may fall into the trench.
This is an example of secondary risk.
If your response plan creates a secondary risk, you will analyze it and develop a risk response plan, if required.
If the impact is very low, you will just keep it on the watch list.
Summary
Residual and secondary risks are often ignored, and project managers don’t develop a response plan. They only focus only on primary risks. Don’t do this. Secondary and residual risks are equally important. Ignoring them will jeopardize your project’s success.
Here is where the post on residual risk vs secondary risk ends, and I hope I’ve illuminated the differences for you.
Please share your experience with managing secondary and residual risks in the comments section.
I am Mohammad Fahad Usmani, B.E. PMP, PMI-RMP. I have been blogging on project management topics since 2011. To date, thousands of professionals have passed the PMP exam using my resources.
Mr. Fahad
You mentioned in your blog that fall back plan are used for residual risks . But as per what i understand fall back plan are used only if the contingency plan is inadequate to solve the problem.
Please correct me if i am wrong.
Please refer to the following blog post:
https://pmstudycircle.com/2012/02/contingency-plan-vs-fallback-plan/
hi all,
I have some queries on the priorities regards to risk, hope someone can advise me
q1) when a risk triggered, do we first
a) inform the stakeholder , or
b) implement the risk response plan
q2) when a new risk occur, do we (which is first, second and third)
a) update in the risk register
b) analyse the impact
c) inform the stakeholder
When the trigger occurs, risk action owner will take the action and implement the risk response plan.
When any new (un-identified) risk occurs, you will manage it through workaround.
Thanks Fahad!
for un-identified risk, I had thought we have to analyze the impact first before anything?
for both of my questions, I assume ‘notifying stakeholder’ is NOT the first thing to do.
You are welcome Martin.
Hi Fahad,
Thank you for precisely explaining residual and secondary risk in your blog. My question is regarding secondary risk. what is the name of the risk response plan for the secondary risk? For example, we have a contingency plan for primary risk. I am trying to understand is there any such similar response plan available for secondary risk?
Regards,
Bala
Since these are identified risks, they will be covered in contingency plan.
Risks that are caused by the response to another risk is Residual or Secondary Risks.
Iam trying to buy 400pmp exam sample qs . but is not possible. pl let me how we can get it
From the below given link you can buy the PMP Question Bank.
https://pmstudycircle.com/pmp-question-bank/
Hi
Residual risk : what is ‘leftover’ after implementing a contingency plan
Secondary risk: New risk after implementing a contingency plan
So, if you sub contract out a piece of work to another contractor (transfer), if the contractor go bust, is that a residual risk or secondary risk. For me, it sounds like a secondary risk.
but if the contractor were to have some delay to its deliverable to your project, it is seen as a residual risk.
Comments?
The first case represents a “residual” risk, because the risk impact stays the same (choosing transfer as risk response is mainly to minimize the liability or to address a technical/ expertise gap in the company), so this will stay the same for the 1st case, thus it is a residual risk. As for the 2nd case, it is a secondary risk since the risk impact is different than primary risk impact. In this case, the impact could be delays to project schedule.
I hope this makes sense
Fahad – Your study notes which are basically an expert clarification has helped alot to me, i could review it time to time to check my understanding and i cleared my PMP exam with (2 Moderately Proficient and 3 Proficient) in my first attempt.
You are giving a great service to this community. God bless you.
Congratulation Nitesh for passing the PMP exam. I’m glad that my blog helped you in your study.
Thank You so much! this breaks it down very well!!
You’re welcome Niikay…
Please explain the difference b/w fall back plan, work around and contingency plan …all are same ?
Regarding fall back and contingency plan, you can read this blog post:
https://pmstudycircle.com/2012/02/contingency-plan-vs-fallback-plan/
And, workaround is an adhoc response when any unidentified risk occurs.
Thank you very much Fahad for your explanation . But I confused when can use response plan and contingency plan ??!!
Both plans (contingency and fall back) are risk response plan.
Fahad,
Thanks for your blog, I also bought your book the PMP Question Bank and so far, I am averaging approximately 82% (my goal is 85%). Kindly correct me if I am wrong, initially I thought contingency reserves were used for accepted– at least that’s what I think I read in another book-used when a proactive risk approached is being used). Then I realized this is not the case, but it rather applies when basically when using ” risk mitigation” where residual or secondary risks remain or come to existence.
Is my thought process wrong; kindly assist.
Btw, do you have other books of questions for the PMP exam, if, I would like to know how to obtain them.
VR
Yes. Contingency reserve is used for identified risks. Primary risks, secondary risks, residual risks, these are all identified risks.
No, I don’t have any other question bank accept the one that you already have with you.
Good luck on your PMP exam.