Concepts
Residual Risks refer to those that remain after planned responses have been implemented. On the other hand, Secondary Risks are those that arise as a direct consequence of implementing a risk response.
1. UNDERSTANDING RESIDUAL AND SECONDARY RISKS:
1.1 Residual Risks: In project management, every risk response plan’s objective is to reduce the risk to an acceptable level. However, in the real world, it’s nearly impossible to completely eliminate all risks. The remaining risks, after the project response strategy has been executed, are known as Residual Risks. They are smaller in size and manageable within the project constraints.
For example, a software development company might mitigate the risk of cybersecurity threats by implementing rigorous security protocols. However, the minute residual risk of a potential security breach by a sophisticated hacker may still persist.
1.2 Secondary Risks: These are risks that materialize as a result of implementing a risk response. They are not part of the original set of identified project risks, but emerge as unintended consequences of the strategies implemented to manage those original risks.
Suppose a project manager chooses to expedite a project to mitigate the risk of missing the deadline. A secondary risk might be that the quality of the final output suffers due to the hastened pace of work.
2. MONITORING AND CONTROLLING RESIDUAL AND SECONDARY RISKS:
2.1 Monitoring Residual Risks: The PMI-RMP emphasizes the need for constant monitoring and control of residual risks. This is done through continuous risk assessments, usually embedded within the project monitoring and control processes. Techniques may include variance and trend analysis, technical performance measurement, and reserve analysis. Identifying residual risks early helps in formulating effective strategies, thereby minimizing their impact on project objectives.
2.2 Controlling Secondary Risks: As secondary risks arise from the response to an original risk, they are often unpredictable. The key to controlling secondary risks lies in deliberately planning and strategizing responses, considering the possibility of new risks and monitoring closely for their occurrence post-response execution.
In incident management, for instance, implementing a backup system to mitigate data loss risks might trigger secondary risk of system overloads.
Table 1: Comparative Analysis of Residual and Secondary Risks
| Parameter | Residual Risks | Secondary Risks |
|---|---|---|
| Definition | Risks that remain after the response strategy has been executed | Risks that emerge from the execution of a risk response |
| Cause | Inherent aspects of the original risk not completely addressed by the risk response | Consequences of the risk response strategy |
| Management | Focus on monitoring and control within project processes | Focus on strategic response planning and vigilant monitoring |
Remember, project risks, whether primary, residual, or secondary, are part and parcel of any project. Being well-prepared and having a robust risk management plan signifies good project management. Learning to foresee and prepare for residual and secondary risks is a vital skill for aspiring PMI-RMP certified professionals. Implement proactive measures, keep the communication transparent and learn from past experiences to enhance your project’s success chances.
Answer the Questions in Comment Section
Monitoring residual risk is a proactive step to manage known risks that remain after risk response planning.
- A) True
- B) False
Answer: A) True
Explanation: Monitoring residual risks is an essential aspect of effective risk management. These are the risks that persist after all planned risk responses have been implemented.
In the context of project management, secondary risks are those that are created as a direct result of implementing a risk response.
- A) True
- B) False
Answer: A) True
Explanation: Secondary risks arise as a result of implementing a risk response. These are new risks introduced into the project due to the chosen response strategy.
Which of the following correctly defines residual risk?
- A) The risk that remains after risk responses have been implemented.
- B) The risk that arises as a result of implementing a risk response.
- C) Both A and B
- D) Neither A nor B
Answer: A) The risk that remains after risk responses have been implemented.
Explanation: Residual risks are those risks that remain after all risk responses have been implemented.
Monitoring residual risks is not necessary once a risk response plan has been implemented.
- A) True
- B) False
Answer: B) False
Explanation: Even after a risk response plan is implemented, it is crucial to monitor residual risks as they are the risks that still exist.
Secondary risks can be eliminated by effective initial risk responses.
- A) True
- B) False
Answer: B) False
Explanation: Secondary risks are created as a direct response to initial risk handling. Thus, even with effective initial responses, there can still be secondary risks.
Which of these is NOT a step in monitoring residual risks?
- A) Continual risk identification
- B) Risk reassessment
- C) Implementation of fallback plans
- D) Ignoring risks once treated.
Answer: D) Ignoring risks once treated.
Explanation: Ignoring risks once treated is a neglectful approach. Instead, it is necessary to keep monitoring risks even after treatment.
Risks that appear as a result of changes made to manage other risks are termed ________
- A) Primary risks
- B) Residual risks
- C) Secondary risks
- D) Tertiary risks
Answer: C) Secondary risks
Explanation: Secondary risks are those that arise as a direct consequence of implementing a risk response.
Secondary risks are not insightful and should not be given priority.
- A) True
- B) False
Answer: B) False
Explanation: Secondary risks can be quite significant and insightful to the project future, therefore they should not be dismissed or underestimated.
Residual risks usually have a higher risk priority than secondary risks.
- A) True
- B) False
Answer: A) True
Explanation: Yes, typically, residual risks might have a higher risk priority than secondary risks because they are the ones that still persist after a response plan.
Risk monitoring includes recording and reporting risk management actions, residual risks, and secondary risks.
- A) True
- B) False
Answer: A) True
Explanation: Effective risk monitoring involves recording and reporting not only risk management actions but also the presence of any residual and secondary risks.
Secondary risks are easier to identify than residual risks.
- A) True
- B) False
Answer: B) False
Explanation: Secondary risks are not easier to identify than residual risks because they only occur as a direct result of implementing a risk response, therefore they can be unpredictable.
Residual risks are typically lower in magnitude than secondary risks.
- A) True
- B) False
Answer: A) True
Explanation: Typically, residual risks are lower in magnitude than secondary risks as they are the risks that remain after risk responses have been planned and implemented.
Great post! Monitoring residual and secondary risks is crucial for any risk management strategy.
Could someone explain the difference between residual and secondary risks?
Thank you for this insightful post.
Very informative. Monitoring these risks often gets overlooked!
This was helpful, appreciate the detailed information.
While the post was good, I think it didn’t cover enough about tools for monitoring risks.
To monitor secondary risks, do we need a different risk management plan?
Monitoring residual risks helps in ensuring that the risk responses are effective in reducing the impact.
Correct, it provides a feedback loop that enhances your risk management process.