Residual Risk Vs. Secondary Risk

You've probably heard about residual and secondary risks in a project without knowing exactly what they are. In this article, we will attempt to clarify the distinctions between them.

We are all exposed to dangers daily. We may worry, try not to take obvious risks, and even avoid them, but risks are unavoidable; they will ultimately find their way into our lives. Business organizations are no exception. Risk is "the exposure to the possibility of damage or loss - a hazard or risky possibility."

In the PMBOK® Guide, the risk is defined as "an unknown occurrence or circumstance that, if it occurs, will have an impact on at least one project goal." A risk does not automatically endanger a project. It is also possible for a risk event to have a positive effect on a project.

Project managers must be trained in risk management to keep risks to a minimum in their projects. It means that project managers need to be able to think outside the box and avoid repeating themselves. In risk management, risk factors are recognized, assessed, and managed throughout the life cycle of a project.

What Kinds of Risks Exist?

Activities may contain secondary and residual hazards and the primary risk inherent in each undertaking. Let's compare residual risk to secondary risk.

Before we begin, let's look into some fundamental risk management terminology.

What is the Risk?

Risk is the unpredictability of an occurrence or circumstance. If this occurs, it will impact the project's objectives (or at least one project objective). Risks are broadly classified into two groups −

  • Positive risk

  • Negative risk

Positive risks are opportunities that might positively influence the project's goals. Negative risks, on the other hand, may negatively influence the project's objectives.

As a result, risk response techniques for negative risks differ from those for positive risks.

The risk response options for negative risk are listed below.

  • Escalate

  • Mitigate

  • Transfer

  • Avoid

  • Accept

The risk response options for positive risk are listed below.

  • Raise the stakes

  • Improve

  • Take advantage of

  • Acceptance

  • Share

Now, let us get back to understanding secondary risks and residual risks.

What are Secondary Risks?

According to The PMBOK® Guide, secondary risks occur directly from executing a risk solution.

In other words, the risk is detected, and a response plan is developed following a risk identification process. Following the execution of the risk response plan, a new risk that may arise due to implementation is referred to as a secondary risk.

Secondary Risks Example

Assume you've dug a trench to keep animals out. Pedestrians, on the other hand, may tumble into the trench. This is an instance of secondary risk.

If your response strategy produces a secondary risk, you will examine it and, if necessary, construct a risk response plan.

You will keep the impact on your watch list if the impact is negligible.

Residual Risks: What are They?

In the PMBOK® Guide, residual risks are expected to persist even after risk actions have been implemented. Furthermore, they are voluntary acceptances.

According to the definition, residual risks are those that can be tolerated following the adoption of a risk response strategy. Risk tolerance thresholds should be set to determine if the residual risk level is acceptable.

If not, additional risk management actions should be performed to mitigate the risk's impacts.

Residual Risk Example

Assume you've determined that it will rain for one to two hours. As a result, you've devised a strategy to deal with this danger.

But what if the rain continues for more than two hours?

It would be wise if you designed a backup strategy.

This is an example of residual risk.

As a project manager, you should assess residual risks. Keep it on the watch list if it is a low priority. You will create a risk response strategy to limit the effect of high-priority risks.

What is the Distinction Between Residual and Secondary Risks?

In our daily lives, we must confront danger. In some cases, we try to prevent them. However, risks are unavoidable events that may impact our goals. The same can be said of companies and initiatives. Risks can increase the possibility of damage or loss to internal initiatives.

On the other hand, a risk does not always have negative consequences. They may be positive at times. Positive risks have a positive influence on project objectives. As a result, project teams take action to make them a reality. Risks can also be classified as identifiable or unidentified. Residual and secondary risks are recognized hazards for which action strategies will be developed if necessary. We shall explain residual hazards and secondary risks in this post using examples.

The following are distinctions between residual hazards and secondary risks −

  • Secondary risks occur directly from putting a risk response in place. However, residual hazards are projected to persist after implementing the intended risk response.

  • To address primary or secondary risks, a contingency plan is employed. To mitigate residual risks, a fallback strategy is employed. (Note that if an identified risk happens, the contingency plan will be implemented, and if it proves unsuccessful, the backup plan will be implemented.)

  • Because residual and secondary risks are identifiable hazards, you will manage them using the contingency reserve. (Not the management reserve, which is reserved for unidentified risks.)

Basis Secondary Risks Residual Risks
Define Those risks occur as a direct result of putting a risk response in place. Those risks that are likely to persist after the planned risk response has been implemented, as well as those that have been knowingly accepted.
Action needed Yes Depends on the Situation
Taking Action Making a response plan A contingency plan
Example Setting out a trap for an animal in your yard but having a family member get trapped in it instead. You eventually wind up participating in the meeting remotely.


Risk is any incident or condition that may impact the project's objectives. Risk management is a critical phase of project management that involves identifying, analyzing, assessing, controlling, avoiding, and minimizing hazards.

Most of the time, residual and secondary risks are overlooked, and project managers fail to design a reaction strategy. They solely consider the main hazards and do not consider secondary or residual concerns. Could you not do it? These dangers are both significant. Ignoring them will compromise the success of your endeavor.

The risk identification procedure should evaluate residual and secondary hazards to minimize issues. When these incidents are significant and successful, a reaction or contingency plan should be developed. They should be watched if they do not necessitate a reaction or a contingency plan. Their potential harms can be repaired using the contingency reserve.

Risk management is one of the ten project management knowledge domains, according to the PMBOK Guide. As a result, a project manager must be skilled at risk management.