Concepts

Residual Risks refer to those that remain after planned responses have been implemented. On the other hand, Secondary Risks are those that arise as a direct consequence of implementing a risk response.

1. UNDERSTANDING RESIDUAL AND SECONDARY RISKS:

1.1 Residual Risks: In project management, every risk response plan’s objective is to reduce the risk to an acceptable level. However, in the real world, it’s nearly impossible to completely eliminate all risks. The remaining risks, after the project response strategy has been executed, are known as Residual Risks. They are smaller in size and manageable within the project constraints.

For example, a software development company might mitigate the risk of cybersecurity threats by implementing rigorous security protocols. However, the minute residual risk of a potential security breach by a sophisticated hacker may still persist.

1.2 Secondary Risks: These are risks that materialize as a result of implementing a risk response. They are not part of the original set of identified project risks, but emerge as unintended consequences of the strategies implemented to manage those original risks.

Suppose a project manager chooses to expedite a project to mitigate the risk of missing the deadline. A secondary risk might be that the quality of the final output suffers due to the hastened pace of work.

2. MONITORING AND CONTROLLING RESIDUAL AND SECONDARY RISKS:

2.1 Monitoring Residual Risks: The PMI-RMP emphasizes the need for constant monitoring and control of residual risks. This is done through continuous risk assessments, usually embedded within the project monitoring and control processes. Techniques may include variance and trend analysis, technical performance measurement, and reserve analysis. Identifying residual risks early helps in formulating effective strategies, thereby minimizing their impact on project objectives.

2.2 Controlling Secondary Risks: As secondary risks arise from the response to an original risk, they are often unpredictable. The key to controlling secondary risks lies in deliberately planning and strategizing responses, considering the possibility of new risks and monitoring closely for their occurrence post-response execution.

In incident management, for instance, implementing a backup system to mitigate data loss risks might trigger secondary risk of system overloads.

Table 1: Comparative Analysis of Residual and Secondary Risks

Parameter Residual Risks Secondary Risks
Definition Risks that remain after the response strategy has been executed Risks that emerge from the execution of a risk response
Cause Inherent aspects of the original risk not completely addressed by the risk response Consequences of the risk response strategy
Management Focus on monitoring and control within project processes Focus on strategic response planning and vigilant monitoring

Remember, project risks, whether primary, residual, or secondary, are part and parcel of any project. Being well-prepared and having a robust risk management plan signifies good project management. Learning to foresee and prepare for residual and secondary risks is a vital skill for aspiring PMI-RMP certified professionals. Implement proactive measures, keep the communication transparent and learn from past experiences to enhance your project’s success chances.

Answer the Questions in Comment Section

Monitoring residual risk is a proactive step to manage known risks that remain after risk response planning.

  • A) True
  • B) False

Answer: A) True

Explanation: Monitoring residual risks is an essential aspect of effective risk management. These are the risks that persist after all planned risk responses have been implemented.

In the context of project management, secondary risks are those that are created as a direct result of implementing a risk response.

  • A) True
  • B) False

Answer: A) True

Explanation: Secondary risks arise as a result of implementing a risk response. These are new risks introduced into the project due to the chosen response strategy.

Which of the following correctly defines residual risk?

  • A) The risk that remains after risk responses have been implemented.
  • B) The risk that arises as a result of implementing a risk response.
  • C) Both A and B
  • D) Neither A nor B

Answer: A) The risk that remains after risk responses have been implemented.

Explanation: Residual risks are those risks that remain after all risk responses have been implemented.

Monitoring residual risks is not necessary once a risk response plan has been implemented.

  • A) True
  • B) False

Answer: B) False

Explanation: Even after a risk response plan is implemented, it is crucial to monitor residual risks as they are the risks that still exist.

Secondary risks can be eliminated by effective initial risk responses.

  • A) True
  • B) False

Answer: B) False

Explanation: Secondary risks are created as a direct response to initial risk handling. Thus, even with effective initial responses, there can still be secondary risks.

Which of these is NOT a step in monitoring residual risks?

  • A) Continual risk identification
  • B) Risk reassessment
  • C) Implementation of fallback plans
  • D) Ignoring risks once treated.

Answer: D) Ignoring risks once treated.

Explanation: Ignoring risks once treated is a neglectful approach. Instead, it is necessary to keep monitoring risks even after treatment.

Risks that appear as a result of changes made to manage other risks are termed ________

  • A) Primary risks
  • B) Residual risks
  • C) Secondary risks
  • D) Tertiary risks

Answer: C) Secondary risks

Explanation: Secondary risks are those that arise as a direct consequence of implementing a risk response.

Secondary risks are not insightful and should not be given priority.

  • A) True
  • B) False

Answer: B) False

Explanation: Secondary risks can be quite significant and insightful to the project future, therefore they should not be dismissed or underestimated.

Residual risks usually have a higher risk priority than secondary risks.

  • A) True
  • B) False

Answer: A) True

Explanation: Yes, typically, residual risks might have a higher risk priority than secondary risks because they are the ones that still persist after a response plan.

Risk monitoring includes recording and reporting risk management actions, residual risks, and secondary risks.

  • A) True
  • B) False

Answer: A) True

Explanation: Effective risk monitoring involves recording and reporting not only risk management actions but also the presence of any residual and secondary risks.

Secondary risks are easier to identify than residual risks.

  • A) True
  • B) False

Answer: B) False

Explanation: Secondary risks are not easier to identify than residual risks because they only occur as a direct result of implementing a risk response, therefore they can be unpredictable.

Residual risks are typically lower in magnitude than secondary risks.

  • A) True
  • B) False

Answer: A) True

Explanation: Typically, residual risks are lower in magnitude than secondary risks as they are the risks that remain after risk responses have been planned and implemented.

0 0 votes
Article Rating
Subscribe
Notify of
guest
36 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Graciela Véliz
7 months ago

Great post! Monitoring residual and secondary risks is crucial for any risk management strategy.

Tos Teeuwen
7 months ago

Could someone explain the difference between residual and secondary risks?

Purificación Román
7 months ago

Thank you for this insightful post.

Antonios Reichert
8 months ago

Very informative. Monitoring these risks often gets overlooked!

Palmira Vieira
8 months ago

This was helpful, appreciate the detailed information.

عباس حیدری
8 months ago

While the post was good, I think it didn’t cover enough about tools for monitoring risks.

Amol Bangera
8 months ago

To monitor secondary risks, do we need a different risk management plan?

Olivia Moreau
6 months ago

Monitoring residual risks helps in ensuring that the risk responses are effective in reducing the impact.

Megan Reynolds
6 months ago
Reply to  Olivia Moreau

Correct, it provides a feedback loop that enhances your risk management process.

36
0
Would love your thoughts, please comment.x
()
x