Preparing for the PMI Risk Management Professional exam necessitates a keen understanding of secondary and residual risks that may occur during the response implementation phase of the project. It is a pivotal skill that helps the risk management professional to make accurate estimates, anticipate potential obstacles, and plan effective countermeasures.
I. Understanding Secondary and Residual Risks
Secondary risks are the risks that arise as a direct result of implementing a risk response. They are essentially a new set of risks that would not have existed had the risk response not been implemented. For example, suppose a project team decides to outsource a portion of their project to a third-party vendor as a risk response to completing their project on time. The secondary risk could be the potential lack of quality control associated with the vendor’s output, which could adversely affect the project.
On the other hand, residual risks are those risks that remain even after the response strategies have been implemented. They are not new risks, like secondary risks, but are the leftover uncertainty of the original risk after the response has been put in place. For example, even if the project is outsourced to a third-party vendor to mitigate the risk of delayed completion, there may be residual risks, such as for the vendor not meeting the project deadline or delivering sub-optimal results.
Secondary Risk | Residual Risk | |
---|---|---|
Definition | A new risk that arises from a risk response | Risk that remains after a risk response |
Example | Potential lack of quality control when outsourcing to mitigate completion delays | The risk of the vendor not meeting the deadline despite outsourcing |
II. Evaluating Secondary and Residual Risks
Just as with all other risks, secondary and residual risks also need to be identified, analyzed, and assessed for determining their impact on the project. This involves identifying potential secondary and residual risks that could arise from each particular risk response and estimating their probability and impact on the project’s objectives. The evaluation helps in planning for these risks in advance, mitigating their potential effect, and avoiding any surprising complications in the project’s lifecycle.
III. Reacting to Secondary and Residual Risks
Reacting to secondary and residual risks requires a holistic approach, grounded in comprehensive risk management practices. You would need to ensure both types of risks are included in the overall risk management plan, with appropriate response strategies designed for each.
- For secondary risks: Implement a monitoring system wherein the secondary risks are continuously monitored and reviewed to prevent any sudden increase in their impact or probability.
- For residual risks: Ensure there’s always a contingency or fallback plan in place if the original risk response isn’t fully effective. You can also use these residual risks as a reminder to continually reassess and refine your risk responses.
The cultural ethos of the organization also plays a significant role in managing secondary and residual risks. Cultivating a risk-aware culture, where team members recognize the importance of risk management and actively participate in the risk identification and response planning process, aids in effectively controlling these risks.
Overall, as serious candidates for the PMI-RMP exam, it is crucial for you to grasp the unique nature of secondary and residual risks from the response implementation phase. Not only it improves your understanding of effective risk management strategies, but it also enables you to handle potential risks with a steady hand and a clear mind, be it in the examination or professional settings.
Practice Test
True or False: Secondary risks are those risks that occur as a direct response of implementing a risk response.
- True
- False
Answer: True.
Explanation: Secondary risks are indeed those that arise as a direct result of implementing a risk response.
Residual risks are:
- A. Risks that remain after risk responses have been implemented
- B. Risks that arise from the risk response itself
- C. Newly identified risks
- D. None of the above
Answer: A. Risks that remain after risk responses have been implemented.
Explanation: Residual risks are those that remain after all identified risk responses have been implemented.
True or False: Secondary and residual risks need to be continuously monitored and managed.
- True
- False
Answer: True.
Explanation: Like all risks, secondary and residual risks need to be continuously monitored and managed to ensure they don’t cause unexpected problems.
Which of the following best describes the purpose of evaluating secondary and residual risks?
- A. To predict future risks
- B. To understand the impact of risk responses
- C. To eliminate all risks
- D. None of the above
Answer: B. To understand the impact of risk responses.
Explanation: Evaluating secondary and residual risks helps us understand the impact of the risk responses that have been implemented, and not necessarily predict future or eliminate all risks.
Secondary risks arise from:
- A. Risk responses
- B. Initial risks
- C. Residual risks
- D. All of the above
Answer: A. Risk responses.
Explanation: Secondary risks are specifically those that arise from the implementation of a risk response.
True or False: Prioritizing residual and secondary risks follows different principles than other risks in the project.
- True
- False
Answer: False.
Explanation: Prioritizing residual and secondary risks follows the same principles as other risks – evaluate their potential impact and probability.
Which of the following should not be considered when evaluating secondary and residual risks?
- A. The probability of the risk event
- B. The severity of the potential impact
- C. The cost of implementing the risk response
- D. The weather on the day of risk assessment
Answer: D. The weather on the day of risk assessment.
Explanation: The weather is generally not a factor in evaluating secondary and residual risks.
True or False: Once a risk has been addressed it can’t evolve into a secondary risk.
- True
- False
Answer: False.
Explanation: A risk can indeed evolve into a secondary risk as a result of the risk response.
All of the following are strategies for managing residual risk EXCEPT:
- A. Acceptance
- B. Transference
- C. Mitigation
- D. Ignorance
Answer: D. Ignorance.
Explanation: Ignorance is not a strategy for managing residual risk – it should always be identified, analyzed and monitored.
True or False: Secondary risks can have higher impact than original risks.
- True
- False
Answer: True.
Explanation: Secondary risks can indeed have a higher impact than the original risks – their potential impact should always be assessed carefully.
The secondary and residual risks should be included in:
- A. Risk Register
- B. Project schedule
- C. Cost forecast
- D. All of the above
Answer: A. Risk Register.
Explanation: Risk Register is a document where all identified risks are recorded including secondary and residual risks.
True or False: You only need to plan for residual risks if they are likely to occur.
- True
- False
Answer: False.
Explanation: Even if residual risks are not likely to occur, there should still be plans in place to address them should they happen.
Secondary risks are typically managed through which of the following strategies?
- A. Acceptance
- B. Enhancing
- C. Exploiting
- D. None of the above
Answer: A. Acceptance.
Explanation: Secondary risks, emanating from the act of managing risks, are typically managed through acceptance strategy as long as they are within the projects risk tolerances and limits.
True or False: Secondary risks and residual risks are the same
- True
- False
Answer: False.
Explanation: Secondary risks and residual risks are distinct. Secondary risks arise from the response of a risk, while residual risks are those that remain after risk responses have been applied.
An effective risk response plan should:
- A. Eliminate all secondary and residual risks
- B. Minimize the impact of secondary and residual risks
- C. Ignore secondary and residual risks
- D. Enhance secondary and residual risks
Answer: B. Minimize the impact of secondary and residual risks.
Explanation: The aim of a risk response plan is to minimize the impact of all risks, including secondary and residual risks. It does not aim to eliminate, ignore or enhance these risks.
Interview Questions
What is secondary risk in project management?
Secondary risks, in project management, refer to the risks occurring as a direct outcome of implementing a response, to counter the primary risk.
Define residual risks in project management.
Residual risks are the leftover risks that exist after the risk responses have been implemented. These risks are generally accepted and monitored throughout the project.
How do you evaluate secondary and residual risks from the response implementation?
Secondary and residual risks are evaluated by conducting a risk reassessment. Risk reassessment helps to determine if the risk responses were effective and if there are any new or changed risks.
What is the purpose of evaluating secondary and residual risks in project management?
The purpose of evaluating secondary and residual risks is to determine if the risk response plan needs to be revised or not, ensuring the project stays on track and within its cost and time constraints.
What is the difference between secondary and residual risks?
Secondary risks arise as a result of implementing a risk response, while residual risks are risks that remain after the risk responses have been implemented.
How would you manage secondary risks?
Secondary risks are managed like any other project risk—they need to be identified, evaluated, and a response needs to be planned. The management strategy could include transferring the risk, mitigating it, accepting it, or avoiding it.
Why is it necessary to monitor residual risks?
It is necessary to monitor residual risks to ensure they do not escalate and negatively impact the project. If residual risks are not regularly monitored and controlled, they can become bigger threats.
What tool can be used to evaluate and monitor secondary and residual risks?
One of the most common tools used to evaluate and monitor residual and secondary risks is the risk register. It helps in tracking and reporting the status and results of the risk handling process.
How does contingency planning assist the response implementation and management of secondary and residual risks?
Contingency planning offers backup plans or alternative courses of action if residual or secondary risks do impact the project. This helps prepare the project team and ensures quick action in case these risks become issues.
If a secondary risk occurs, what should be the first course of action?
If a secondary risk occurs, first, it should be documented and assessed in terms of the impact and the likelihood of occurrence. After that, a risk response strategy needs to be formulated. It’s essential for the team to continuously monitor this risk.
What role does communication play in managing secondary and residual risks?
Effective communication is critical in risk management. It ensures that everyone involved in the project is aware of both secondary and residual risks and understands the risk response plans and their own responsibilities.
How can realistic project scheduling and costing help with the response implementation and management of secondary and residual risk?
Realistic scheduling and costing provide buffers for secondary and residual risk management. They ensure there are resources available to manage these risks and keep the project on track without affecting the project’s cost structure and timeline.
Can we entirely eliminate secondary and residual risks?
While we can minimise residual and secondary risks, they cannot be entirely eliminated. Hence, the focus needs to be on managing them effectively to reduce their impact on the project.
When dealing with secondary and residual risks, what are common pitfalls in the response implementation?
Some common pitfalls might include inadequate risk identification, poor evaluation methods, ineffective communication, and lack of regular monitoring and control. Avoiding these can ensure more effective management of secondary and residual risks.
Can risk responses create new secondary risks?
Yes, responses to initial risks can sometimes lead to new secondary risks. That is why it is essential to evaluate and monitor secondary risks in the risk management process. It ensures that no new risks are introduced, or if they are, that they are effectively managed.