Residual Risk

Today we will discuss residual risk.

I have explained residual risks in my post on types of risk, but here I will explain this risk management concept in detail. 

Many professionals think residual risks are unknown risks and that we use a fallback plan and management reserve if they occur.

Understand that residual risks are identified risks. You will carry out the contingency plan if any identified risk occurs and then apply the fallback plan if the contingency plan fails.

You will use the contingency reserve because it is for identified risks. 

Management reserves are for unidentified risks.

Residual Risk

You have identified risks and developed a response plan. However, when this does not completely remove the risk, the remainder is called residual risk.

Definition: According to the PMBOK Guide, “residual risks are those risks that are expected to remain after the planned responses of risks have been taken, as well as those that have been deliberately accepted.”

Example of a Residual Risk

Let’s say you have identified that it may rain for one to two hours. Therefore, you have created a contingency plan to manage this risk.

But what happens if the rain falls for over two hours?

You have to develop a fallback plan. 

This is an example of residual risk.

As a project manager, you must evaluate residual risks properly. If a residual risk is a low priority, keep it on the watch list. For high-priority risks, you will develop a risk response plan to mitigate their impact.

Please note that for all risks, if the trigger hits, you will implement the response plan. This plan can be a contingency or a fallback plan.

You will implement the contingency plan for a primary or secondary risk and the fallback plan for residual risks.

You will use the contingency reserve if these risks occur, not the management reserve. The contingency reserve is for identified risks, and the management reserve is for unidentified risks.

Calculating Residual Risk

To calculate the residual risk, you must know the inherent risk, because residual risk equals the inherent risk minus the impact of risk control.


Residual Risk = Inherent Risk – Impact of Risk Control

Inherent risk is the risk present when no attempts are made to mitigate or control risks. 

How to Manage Residual Risks

To manage residual risks, you need to understand the concept of the acceptable level of risk. The acceptable level of risk depends on the risk attitude of the organization. 

It is up to the organization to decide whether it wants to operate in a high-risk or a low-risk environment.

You will manage the residual risks as follows:

  • No Action: If the residual risk is below the acceptable level, you won’t take any action to manage the risk but keep it on the watch list for monitoring.
  • Develop Risk Response Plan: If the residual risk is above the acceptable level, you will develop a risk response plan to manage it.
  • Accept the Risk: If the residual risk is above the acceptable limit, but the cost of mitigation is more than the risk, you will accept the risk and develop the risk response plan.

Summary

Project managers often ignore residual risks and don’t develop a response plan for them. They focus only on primary risks. Don’t do this. Residual risks are equally important, and ignoring them can affect your project objectives.

This topic is important from a PMP exam point of view. Therefore, understand it well.

Fahad Usmani, PMP

I am Mohammad Fahad Usmani, B.E. PMP, PMI-RMP. I have been blogging on project management topics since 2011. To date, thousands of professionals have passed the PMP exam using my resources.