Residual Risk and Secondary Risk - PMP/CAPM

Residual Risk and Secondary Risk

The PMBOK® Guide ver 6 defines risk as “An uncertain event or condition that, if it occurs, has a positive or negative effect upon at least one project objective.”

Residual Risks

The risks that might remain after the planned response of risk and those that have been purposely accepted. PMBOK Guide ver 6.

Source: https://www.wallstreetmojo.com/residual-risk/

Residual risks are referred to as leftover risks. These are accepted up to the corporate risk tolerance level. In certain cases, a residual risk doesn’t have a reasonable response. The project manager merely accepts them the way they are, since there is not much to do about it. The risks are recognized during the process of planning. Usually, a contingency reserve is set up to cope with such risks. As a project manager, you will make sure that every residual risk is assessed properly. If there is no action required, you will probably keep them on the watch list. If they do need action, you should perhaps minimize the probability or influence of the risk through a mitigation plan. For Residual Risk, we might not always act.


Imagine you have identified a risk about the occurrence of rain for an hour or two. Subsequently, you have developed a contingency plan to manage the risk. You might then ask: what if the rain continues to fall even after two hours? You will further evaluate the situation and create a fallback plan referred to as residual risk.

Secondary Risks

The risks that come up as a direct result of executing a risk response. PMBOK Guide ver 6.

For secondary risks, the project management team needs to identify the risk and formulate a response plan to deal with the situation. As soon as the plan is executed, it may lead to a new risk that’s known as a secondary risk. A response plan is developed primarily depending on the influence of these risks on the project. Typically, a high-impact risk requires a response plan. On the contrary, if the risk appears negligible, it will only be looked after by the project manager. Subsequently, the secondary risks are evaluated for their severity, and they may or may not need a response plan to achieve the ultimate project objectives. For Secondary Risk, we will have a response plan.


Suppose you are a project manager for construction tasks. From experience, you are well aware that one major risk you might face is the sand supplier not delivering on time. Accordingly, in the risk management plan, you will consider this risk and the required action in case of such an event. Even after the implementation of the risk response plan, there is another potential risk: the difference in the sand provided by two suppliers, which is referred to as a secondary risk.

The difference between Residual Risk and Secondary Risk

Assume you are planning the study schedule for your upcoming exam. The primary risks affecting the schedule may include:

  • You may not find enough time to study due to professional commitments. An unexpected project might come up during the exam preparation as a residual risk. Consequently, you need to set a plan to postpone your exam, commonly known as a known unknown from the contingency reserve.
  • In another situation, you may fall ill during exam prep. There will mainly be a secondary risk for the risk response, i.e. what if the vaccines cause side effects such as prolonged fatigue or infection? You will perhaps require a risk response plan for this secondary risk.

It is important for the project manager or the project management team that all types of risks are identified, analyzed, monitored and taken care of throughout the project.



