Risk Management: Residual Risk vs Secondary Risk for PMP Exam

In Risk Management Knowledge Area of the PMBOK® Guide, apart from the primary risks — which are uncertain events that may have impacts (either positive or negative) on the project objectives if occur, there are also residual risks and secondary risks. All these types of risks must be identified, analyzed, monitored and taken care of throughout the project by the project manager. This post will expound on the similarities and differences of the two kinds of risks and what Aspirants would need to know for the exam.

Residual Risk vs Secondary Risk

• Residual Risk: the risk(s) that remains after carrying out the risks response or those risks that are accepted without any risk responses (maybe the cost for the risk response is more than the cost of dealing with it)
  • residual risks must be identified and documented during the risk management process
  • a contingency reserve should be set up to tackle these risks should these kinds of risks arise
• Secondary Risk: the risk(s) that are created directly owing to the implementation of a risk response for primary risks
  • since every activity involves risks — the risk responses themselves are no exception, implementation of a risk response will result in new risks for the project
  • a risk response plan would need to be planned and implemented to tackle this kind of risks
  • secondary risks may be accepted without further actions if their impact are small on the overall project objectives

Illustrated Example

When planning the study schedule for your exam, the primary risks that may affect your study schedule are:

• suddenly be fully engaged with a new project during exam prep that leaves no time for studying
• fall ill during exam prep
• change of the exam syllabus
• ……

One risk response activity for not finding enough study time owing to professional engagement would be to begin the exam prep in a low season (i.e. avoid the peak seasons) by taking reference to the work pattern for the previous years.

• The residual risk for this risk response would be: an unexpected large-scale project comes up during your exam prep. In that case, you may need to set aside budget (a “known unknown” — from contingency reserve) to postpone your PMP Exam in order to find enough time for studying.

The risk response activity for avoiding falling ill during exam prep would be taking vaccination for five of the most common contagious disease at the time of exam prep.

• The secondary risk for this risk response would be the vaccines themselves may cause side effects (including prolonged fatigue or headache) or even cause infection. A risk response plan may need to be created for this secondary risk.
• As there are countless variety of germs/toxins that can cause illnesses, the 5 vaccines taken may just be able to protect you against a portion of the most common diseases. You can still be exposed to some less common diseases — this is the residual risk.

Summary

Risks are inevitable. In addition to the primary risks, there are also residual and secondary risks for the PMP Exam.

Aspirants would need to understand the differences between Residual Risk and Secondary Risk:

• Residual Risks are risks that are left over after implementing a risk response
• Secondary Risks are risks that are created directly by implementing a risk response

Additional FREE PMP resources: 47+ Commonly Confused Term Pairs with detailed explanations. If you found this article useful, you may wish to reference other Commonly Confused Term articles.