This is our 32nd post in our Project Management Professional (PMP)® Concepts Learning Series
Each post within this series will present a comparison of common concepts that appear on the PMP and Certified Associate in Project Management (CAPM)® exams.
Residual Risk versus Secondary Risk
Risk management is an integral component of project management. Risk management includes not only managing identified risks but also the residual and secondary risks.
Residual risk is the risk that remains after a risk response has been taken.
The degree of risk tolerance should be considered to ensure that the amount of residual risk is acceptable. If not, additional risk actions may need to be taken to try and further reduce the risk.
A secondary risk is a risk that arises as the result of implementing a risk response. If the risk response was not taken, the secondary risk would not exist.
Secondary risks should be evaluated for appropriate action. The severity of the secondary risk or risks may eliminate the risk response as an option if the secondary risk falls outside of the project risk tolerance.
You are planning the annual employee recognition event. It will be an outdoor luau-themed event. Because there is a chance of rain, you decide to mitigate the risk of the employees getting wet and not having fun by putting up a tent.
There is still some residual risk that the employees will get wet walking from the parking lot to the tent.
There is also a secondary risk that someone will trip over the tent poles and get injured.
Risk identification and analysis should also include residual risks (those risks that remain after an action has been taken) and secondary risks (those risks that arise as a result of implementing a risk response).
See all posts in our PMP Concepts Learning Series