Residual Risks vs Secondary Risks
We face risks in our daily lives. In some cases, we try to avoid them. However, risks are inevitable situations that may affect our plans. The same goes for organizations and projects. Risks often increase the chance of injury or loss within the projects. However, a risk does not always have negative effects. Sometimes they may be positive. Positive risks have favorable impacts on project goals. Therefore project teams take actions to make them happen. Risks can also be categorized as identified and unidentified risks. Residual risks and secondary risks are the identified risks that you will create response plans to manage them if required.
In this article, we will discuss the residual risks and secondary risks by using examples.
Before to start, let’s take a glance at the basic risk management terms;
A risk is an uncertain event or condition. If it occurs, it will affect the project objectives (or at least one project objective). Basically, risks can be divided into two main categories;
Positive risks are the opportunities that may have positive impacts on the project’s objectives. On the other hand, negative risks are threats that may have negative impacts on the project’s objectives.
Therefore, risk response strategies to deal with negative risks are different than the strategies for positive risks.
Below are the risk response strategies for negative risks
Below are the risk response strategies for positive risks
As you see, escalate and accept can be used to manage both positive and negative risks.
Risk is an important concept in project management. Therefore, project managers should be trained in risk management to keep the risks at a minimum level for their project’s health. They must think about all aspects of their projects.
Simply put, risk management involves identifying, analyzing, and responding processes throughout the project life cycle.
According to The PMBOK® Guide, Secondary Risks are the risks that arise as a direct outcome of implementing a risk response.
In other words, after a risk identification process, risk is identified and a response plan is created. After the implementation of the risk response plan, a new risk that may originate from the implementation is called a secondary risk.
For better understanding, let’s analyze the example below.
Secondary Risk Example
Let’s assume that you are a project manager of a highway project. You excavated a trench to stop flowing rainwater on your worksite. However, there is a chance that during the night operations, a worker passing nearby may fall into the trench.
This is the secondary risk may originate from the excavation of the trench.
According to The PMBOK® Guide, Residual Risks are the risks that are expected to remain after the planned responses of risk has been taken, as well as those that have been deliberately accepted.
As per the definition, residual risks are those that can be excepted after a risk response plan implementation.
The limits of risk tolerance should be specified to decide if the amount of residual risk is acceptable or not.
If not, additional risk actions should be taken to minimize the effects of the risk.
For better understanding, let’s analyze the residual risk example.
Residual Risk Example
Let’s assume that you are a project manager of a bridge project and you have identified a risk that there is a chance of a storm in the next two days. By analyzing the historical records, you determined the maximum storm surge height and created a contingency plan considering the records.
The case of occurring a higher storm surge height is your residual risk and you have to create a fallback plan to manage it.
What are the Differences Between Residual Risks and Secondary Risks?
Below are the differences between residual risks and secondary risks
- Secondary risks are those that arise as a direct outcome of implementing a risk response. On the other hand, residual risks are expected to remain after the planned response of risk has been taken.
- Contingency plan is used to manage primary or secondary risks. Fallback plan is used to manage residual risks. (Note that if an identified risk occurs, you will implement the contingency plan, and if it becomes ineffective, you will implement the fallback plan.)
- Since the residual risks and secondary risks are identified risks, you will use the contingency reserve to manage them. (Not the management reserve because it is used for unidentified risks).
- If the residual risks and secondary risks do not require a response plan, you will monitor them.
Risk is any event or situation that can affect the project objectives. Risk management is an important step of project management that involves the identification, analysis, assessment, control, avoidance and minimization of risks.
Risk identification process should consider residual risks and secondary risks in order to avoid problems. If they are major and effective, a response plan or a contingency plan should be created. If they don’t require a response or a contingency plan, they should be monitored. The contingency reserve can be used to repair their potential damages.
According to the PMBOK Guide, Risk Management is one of the ten knowledge areas of project management. Therefore a project manager should be competent for risk management.
In this article, we discuss a few important risk management concepts. We hope that they will be useful for the aspirants who will take the PMP Certification Exam. If you want to share anything, please use the comments section below.