Today we will discuss residual risks vs secondary risks.

I have explained the residual risk and secondary risk in my post on the type of risk. But I have seen many professionals have issues with understanding these two.

Let’s look at both risk management concepts in detail

Residual Risks vs Secondary Risks

Many professionals think residual and secondary risks are unknown risks and that we use a fallback plan and management reserve if they occur.

Please understand this: residual and secondary risks are identified risks. You will carry out the contingency plan if any identified risk occurs, then apply the fallback plan if the contingency plan fails. 

In both cases, you will use the contingency reserve because it is for identified risks. Management reserves are for unidentified risks. 

Let’s dive deeper.

Residual Risks

You have identified risks and developed a response plan. However, when this does not completely remove the risk, the remainder is called residual risk.

According to the PMBOK Guide, “residual risks are those risks that are expected to remain after the planned responses of risks have been taken, as well as those that have been deliberately accepted.”

Example of a Residual Risk

Let’s say you have identified that it may rain for one to two hours. Therefore, you have created a contingency plan to manage this risk.

But, what happens if the rain falls for over two hours?

You have to develop a fallback plan. 

This is an example of residual risk.

As a project manager, you must ensure that residual risks are evaluated properly. If it is a low priority, keep it on the watch list. You will develop a risk response plan to mitigate the impact of high-priority risk. 

Please note that for all risks, if the trigger hits, you will implement the response plan. This plan can be a contingency or a fallback plan.

You will implement the contingency plan for a primary or secondary risk, and the fallback plan for residual risk.

You will use the contingency reserve if any of these risks occur, not the management reserve. The contingency reserve is for identified risks, and the management reserve is for unidentified risks.

Secondary Risks

A risk is an uncertain event that can affect your project objectives.

You will develop a risk response plan to manage it. Often, this response can create a new risk, a secondary risk.

According to the PMBOK Guide, “Secondary risks are those risks that arise as a direct result of implementing a risk response.”

Simply put, your response plan for risk caused a new risk. The new risk is known as a secondary risk.

Example of Secondary Risks

Let’s say you have excavated a trench to stop animals. However, it’s possible that pedestrians may fall into the trench.

This is an example of secondary risk.

If your response plan creates a secondary risk, you will analyze it and develop a risk response plan, if required. 

If the impact is very low, you will just keep it on the watch list.


Residual and secondary risks are often ignored, and project managers don’t develop a response plan. They only focus only on primary risks. Don’t do this. Secondary and residual risks are equally important. Ignoring them will jeopardize your project’s success.

Here is where the post on residual risk vs secondary risk ends, and I hope I’ve illuminated the differences for you.

Please share your experience with managing secondary and residual risks in the comments section.