Monitoring residual and secondary risks forms an essential part of risk management and is a critical aspect to consider when preparing for the Project Management Institute Risk Management Professional (PMI-RMP) exam.
1. Understanding Residual Risks
Residual risks are the unattended risks after the risk response measures have been implemented. Even after implementing risk mitigation strategies, certain risks may persist, and these are known as residual risks.
For instance, a software development project may have a risk of software bugs. Despite rigorous testing and debugging, there might still be the residual risk of undetected bugs, which has to be taken into account.
To quantify the magnitude of residual risks, project managers often use risk assessment matrices. This process includes the steps of identifying the remaining likelihood and potential impact of each residual risk, then prioritizing them to guide risk management efforts effectively.
Table: Risk Assessment Matrix
Likelihood | Low Impact | Medium Impact | High Impact |
---|---|---|---|
Very Likely | High Residual Risk | ||
Likely | Medium Residual Risk | High Residual Risk | |
Unlikely | Low Residual Risk | Medium Residual Risk | High Residual Risk |
2. Secondary Risks
Secondary risks are the risks that arise as a direct consequence of implementing a risk response. The cascading effect of a risk response to one specific risk might stimulate other risks, which are termed secondary risks.
To illustrate, in response to the risk of delays in a construction project, the project manager might decide to accelerate some tasks. However, this might lead to secondary risks such as a cost overrun (due to overtime payments) or compromised quality (if tasks are rushed).
It’s crucial for the project manager to manage secondary risks proactively. This could involve risk reassessment after implementing the risk responses, updating the risk register, or applying contingency plans as needed.
Table: Secondary Risk Example
Triggering Risk | Risk Response | Secondary Risk |
---|---|---|
Possible Delays | Accelerate Tasks | Cost Overrun |
Compromised Quality |
3. Monitoring Residual & Secondary Risks
Monitoring residual & secondary risks ensures that you are not taken by surprise when these risks manifest. It involves regular reviews of the risk landscape, reassessment of risks, and making appropriate adjustments to risk responses.
Project management tools such as risk register updates and key performance indicators can help monitor these risks and ensure they are within acceptable thresholds.
In conclusion, managing residual and secondary risks provides a holistic approach to risk management – a crucial competency required for the PMI-RMP exam. This process allows for thorough risk planning, ensuring that all potential risks are considered and adequately handled. Understanding and effectively managing these types of risks not only helps in clearing the PMI-RMP exam but also aids in becoming a successful project manager in real-world situations.
Practice Test
True or False: Residual risks are those that remain after risk response planning has been implemented.
- True
- False
Answer: True
Explanation: Residual risks are the risks that remain after the risk response strategies have been implemented. They are not eliminated but are accepted and monitored throughout the project life cycle.
True or False: Secondary risks are produced as a direct result of implementing a risk response.
- True
- False
Answer: True
Explanation: Secondary risks are those risks that are a direct result of implementing a risk response. These risks are not initially identified and only exist as a result of implementing a risk response strategy.
In PMI Risk Management, what step follows the identification and evaluation of residual risks?
- a) Risk Assessment
- b) Risk Register review
- c) Risk Tracking
- d) Risk Strategy Implementation
Answer: b) Risk Register review
Explanation: After residual risks have been identified and evaluated, the next step is usually to review the Risk Register, which documents all identified risks, their characteristics, and their plans.
Who is primarily responsible for monitoring residual and secondary risks?
- a) Project Manager
- b) Risk Manager
- c) Stakeholders
- d) Project Team
Answer: a) Project Manager
Explanation: It is the responsibility of the project manager to monitor residual and secondary risks and take the necessary action if these risks occur.
True or False: Secondary risks can be positive or negative.
- True
- False
Answer: True
Explanation: Secondary risks, like any other risks, may have either positive (opportunities) or negative (threats) impacts on project objectives.
One of the best ways to monitor residual and secondary risks is:
- a) Create a new Risk Register
- b) Update the existing Risk Register
- c) Ignore them as they are insignificant
- d) Inform the stakeholders only
Answer: b) Update the existing Risk Register
Explanation: Keeping an updated Risk Register is one of the most efficient ways to continually monitor and control residual and secondary risks.
True or False: Residual risks are often higher in magnitude compared to primary risks.
- True
- False
Answer: False
Explanation: Residual risks are typically less in magnitude than the primary risks after response strategies have been implemented.
Secondary risks are identified during which phase of risk management?
- a) Risk Identification
- b) Risk Assessment
- c) Risk Response Planning
- d) Risk Monitoring and Control
Answer: c) Risk Response Planning
Explanation: Secondary risks are identified during the Risk Response Planning phase as they are a direct result of implementing a risk response.
True or False: Monitoring residual and secondary risks is an ongoing process.
- True
- False
Answer: True
Explanation: The monitoring of residual and secondary risks is a continuous process in the project’s lifecycle to ensure that risks are effectively managed.
The primary purpose of monitoring residual and secondary risks is to:
- a) Identify new risks
- b) Ensure risk responses are effective
- c) Predict future risks
- d) Determine the risk appetite of stakeholders
Answer: b) Ensure risk responses are effective
Explanation: The primary purpose of monitoring residual and secondary risks is to ensure that the risk responses are effective and that the risks are adequately managed.
True or False: Secondary risks can be ignored as they are derived risks.
- True
- False
Answer: False
Explanation: Secondary risks, despite being derived or a direct outcome of implementing a risk response, should be managed and monitored like any other primary or residual risks.
True or False: Residual and secondary risks are usually documented in the risk register.
- True
- False
Answer: True
Explanation: A risk register is a project management tool where all the information about the identified risks, including residual and secondary, is stored and routinely updated throughout the project cycle.
True or False: The impact of residual risks on a project is usually low.
- True
- False
Answer: True
Explanation: Residual risks, by definition, are remaining risks after all risk response strategies have been implemented. Hence, their impact is generally considered and accepted to be lower.
True or False: Secondary risks are always negative.
- True
- False
Answer: False
Explanation: Secondary risks, like all other risks, could be either threats (negative) or opportunities (positive), depending on their potential impact on the project’s objectives.
Risk reassessment should be conducted:
- a) Only when risks occur
- b) Regularly through the project lifecycle
- c) Only during the initial stages of a project
- d) At the end of the project
Answer: b) Regularly through the project lifecycle
Explanation: Risks, including residual and secondary, are dynamic, and their nature or impact can change over time. Hence, risk reassessment should be performed regularly throughout the project lifecycle.
Interview Questions
What is residual risk in project management?
Residual risk refers to the risk that remains after all risk response activities have been conducted in a project. It is the remaining level of risk after risk management strategies have been implemented.
How does residual risk differ from secondary risk?
While residual risk refers to the risk that remains after all risk response activities, secondary risk is a risk that arises as a direct outcome of implementing a risk response.
What is the main purpose of monitoring residual and secondary risks in project management?
The main purpose is to ensure that these risks are continually identified, assessed and managed. Changes to the project can lead to new risks or changes in existing risks, so ongoing monitoring is critical to effective risk management.
Can a properly implemented risk response completely eliminate a risk?
No, a risk response can typically reduce a risk, but it rarely eliminates it entirely. The remaining risk after risk responses have been implemented is known as the residual risk.
How should project managers address residual risks?
Residual risks should be identified, assessed and documented. Further risk response actions may be required if the level of residual risk is still too high.
Can secondary risks become more significant than the primary risks from which they arise?
Yes, in some cases, secondary risks can indeed become more significant. As such, these risks also need to be effectively identified, assessed and managed.
What factors can influence the level of residual risk in a project?
Factors can include the effectiveness of risk responses, changes in the project, the occurrence of risk events, and changes in the project’s external environment.
Why is it important to continually monitor secondary risks?
Secondary risks can evolve and increase in severity as the project progresses, so continual monitoring is critical to ensure they are effectively managed and don’t jeopardize the project’s success.
Why should residual risks be regularly reassessed?
Reassessing residual risks can help you discover if the risks have increased or decreased and whether additional risk response measures are needed.
What are the elements of a good secondary risk monitoring plan?
A good secondary risk monitoring plan should include risk identification processes, risk ranking methods, tracking of risk mitigation efforts, escalation procedures, and regular review schedules.
When should project managers conduct primary risk planning and secondary risk planning?
Primary risk planning should be conducted during project initiation and planning phases, while secondary risk planning should be conducted during the project execution phase and continued throughout the project lifecycle.
Who should be involved in the monitoring of residual and secondary risks?
Monitoring of residual and secondary risks should be a collaborative effort involving project team members, stakeholders, and risk management personnel.
What tools or strategies can be used to monitor residual and secondary risks?
Techniques can include regular risk audits, risk reassessments, performance measurement and reporting, and using risk management software tools.
How can project managers prepare for secondary risks?
Project managers can prepare for secondary risks by ensuring adequate resources for risk management, updating the risk register regularly, and providing training for team members on risk identification and management.
Can a risk become both residual and secondary risk?
Yes, a risk that remains after risk response actions (residual risk) can trigger a new risk (secondary risk). These risks need to be effectively identified, assessed, and managed to prevent the project from derailment.