Risk management is an integral part of project management. While identifying and assessing risks are critical steps, understanding the nature of the risks that remain after response strategies are applied is equally essential. Two types of risks often discussed in this context are residual risks and secondary risks. These risks are crucial for project managers to identify, as they can significantly impact the project’s success. Let’s dive deeper into each type and the key differences between them.
Residual Risks
Definition:
Residual risks are the risks that persist after all planned risk response strategies have been implemented. In other words, these are the risks that remain even after attempts to reduce, mitigate, or eliminate the original risks have been made. Residual risks are those that cannot be fully addressed through the available resources or strategies, and thus, they still hold the potential to affect the project.
Key Characteristics:
- Unavoidable Risks: Despite mitigation strategies, some risks will always remain because they are outside the scope of the response strategies.
- Low Probability & Impact: Typically, residual risks are those that are of low probability or have minimal impact, but they still need to be monitored because their effects could escalate unexpectedly.
- Examples:
- A project’s budget may be reduced due to unforeseen funding cuts, but there may be limited ability to fully mitigate the financial risk in the current budget.
- A project may still face risks related to external regulatory changes, even after the project team has fully complied with the current regulations.
Management:
Residual risks should be regularly reviewed throughout the project’s life cycle. Although they are relatively less impactful, their potential to affect the project must be closely monitored and managed. A contingency plan should be established to deal with them if they materialize. For instance, a company might set aside a small reserve budget to cover any unforeseen costs that arise from residual risks.
Secondary Risks
Definition:
Secondary risks are risks that emerge as a direct consequence of implementing a risk response to an initial risk. In essence, these are new risks that arise from actions taken to reduce or eliminate primary risks. While these risks are often unintended, they can be significant and need to be identified and managed.
Key Characteristics:
- Unintended Consequences: Secondary risks are a result of well-intentioned mitigation strategies, but the new risks they create can have their own impact on the project.
- Direct Link to Response Strategies: These risks are always associated with a particular risk response strategy.
- Examples:
- If a project implements a strategy to mitigate technical risks by adopting a new technology, the secondary risk might be related to the learning curve or incompatibility issues of the new technology.
- In an effort to avoid delays due to vendor dependency, a project might switch to a new supplier. The secondary risk could be related to the new supplier’s inability to deliver on time, leading to new project delays.
Management:
Secondary risks require active identification and monitoring as they may create additional project challenges. A comprehensive risk management plan should anticipate these types of risks and include strategies for managing them. Often, it’s necessary to modify the original risk response strategies or implement additional mitigation actions to handle the secondary risks.
Differences Between Residual and Secondary Risks
| Aspect | Residual Risks | Secondary Risks |
| Definition | Risks that remain after all risk responses are applied. | Risks that emerge due to the implementation of risk response strategies. |
| Origin | They remain after mitigation or other risk responses. | They arise as an unintended result of a risk response. |
| Management Focus | Focus on monitoring and managing the remaining risks. | Focus on identifying and managing risks introduced by the mitigation actions. |
| Frequency | More common in long-term projects or complex environments where full mitigation is not possible. | More likely in situations where the project response involves significant changes or adjustments to the initial plan. |
| Examples | Remaining financial risks after budget cuts, regulatory risks, etc. | A new supplier failing to deliver on time due to a risk response involving switching vendors. |
| Impact | Typically low, but it could escalate if left unmanaged. | Can be significant if not anticipated and managed properly. |
Interplay Between Residual and Secondary Risks
While residual risks are typically addressed through mitigation strategies, secondary risks arise because of the very steps taken to mitigate the primary risk. This can create a complex risk landscape where managing one risk may inadvertently create others.
For example, consider a project that faces the risk of a delayed product launch due to a lack of skilled workers. As part of a risk response, the project manager hires additional contractors to ensure on-time delivery. However, this strategy introduces a secondary risk: the new contractors may not be fully integrated into the team, potentially causing communication issues or delays. The original risk (delayed product launch) is mitigated, but a secondary risk (team miscommunication) arises.
To effectively manage this, the project team needs to not only monitor the original risk but also the new risk introduced by the mitigation strategy. This requires ongoing risk assessments and a flexible, adaptive approach to project management.
Key Takeaways for Project Managers:
- Proactive Monitoring: Both residual and secondary risks should be continuously monitored throughout the project. Project managers must be vigilant, as both types of risks can escalate over time.
- Integrated Risk Plans: A successful risk management plan will consider not only the primary risks but also the secondary risks that could arise from mitigation efforts. It’s crucial to understand that risk responses can have ripple effects.
- Clear Documentation: Documenting risk response strategies and their potential consequences (secondary risks) is essential. This documentation can be referred to if the new risks emerge.
- Adaptability: As the project progresses, new risks—whether secondary or residual—may emerge, so being adaptable in response planning is essential to maintaining project stability.
By understanding the distinction between residual and secondary risks, project managers can develop more nuanced and comprehensive risk management strategies, improving the likelihood of successful project completion.