PMI-ACP Courses

PMI-ACP – PM certification +37 PDU

Premium PMI-ACP Exam Simulator

480 PMI-ACP Exam Sample Questions
Your subscription gives you access to a pool with 480 high-quality sample questions. All developed to the latest PMI-ACP requirements.The questions not only cover every exam domain that you are being tested on (Agile Principles and Mindset, Value-driven Delivery, Stakeholder Engagement, Team Performance, Adaptive Planning, Problem Detection and Resolution, and Continuous Improvement), but the questions also cover the Tools & Techniques and Knowledge & Skills that you need to know in order to pass.
Click HERE to get more info

David Kohrell: Secondary versus Residual Risk


Synonymous term or a different term, that’s a common question we receive in our course delivery for secondary versus residual risks.  Those two terms sound quite a bit a like.  Are they?  No.

Secondary and Residual Risk

Don’t trip over the finish line!

They’re similar concepts but are different!

  • Secondary risk occurs once a risk event triggers and the appropriate management response strategy deployed. The PMBOK® 4th Edition, page 303, describes this aptly as “driven by the strategies”.For example, in software development, per Steve McConnell, the silver bullet syndrome is a risk of relying or wishing upon that perfect tool to solve all of your problems. The mindset is typically “if we only had this LAMP, API, SQL widget, we’d cut our development time by 25%”! When that risk event triggers, it’s important for a project manager and team to step back and calmly assess the reliance and vulnerability on that assumed “perfect tool”. A secondary risk as the team addresses it might be contractor competency or solvency. Perhaps the new tool will work wonders, but only with gifted hands (and minds) guiding it. As the team reaches out to find that mind, risks associated with contractor management now jump to the forefront. That risk is a secondary risk.
  • Residual Risk is risk that exists after qualitative and quantitative risk assessment. It often falls in that area of unknown/unknown on the risk identification continuum. Health-care provides a good field to understand this. Prior to my father’s passing in 2008, he had a series of medical issues over a five-year period, for example, after a procedure to repair a carotid, residual risk of stroke existed. That in turn restricted the ability to treat an invasive form of prostate cancer. Due to his age and compounding risk factors, the residual risks were replete. In software project management residual risk typically associates with environmental factors (computer environment) that a team has not reviewed, for example a new software patches incompatibility with a lesser known or evolving platform (e.g., mobile web or cloud computing).

by David Kohrell, PMP®, CBAP®, CISA®, CSSBB®

More than 25,000 PMP aspirants passed the exam with PMPrepcast. More info? Click THIS
BrainBOK - ITTO, Exams, Flashcards, Quizzes, Formulas and more

3 comments to David Kohrell: Secondary versus Residual Risk

  • Hi David
    Loved your post and this is really often a critical question for PMP-students.
    I would like to ask your permission to comment the text:
    Making it easier for the secondary risk:
    Secondary Risks are risks created by our Risk Response.
    Expl.: You contract a Consultant as answer to identified risks and this professional has behaviors, that create new risks.

    On behalf of Residual Risk, I would prefer to reformulate as follows:
    “Residual risk is risk that continues existing after Risk Response Planning.”
    Expl.: You mitigate the probability of a financial risk from 35% to 10%. Those 10% would be your residual risk.

    For to have a residual risk, you need to have treated risk and a Qualitative and Quantitative assessment is…… just an assessment. Only after applying the action defined in Risk Response Planning, you have changes and in consequence, secondary and residual risks.

    Kind Regards from Brazil
    Gerhard Tekes,
    PMP, PMI-RMP, PMI Certified OPM3(R) Professional
    Available for OPM3 ProductSuite Assessments and Consulting
    in English, German, Portuguese and Spanish

  • […] This post was mentioned on Twitter by PMP® Exam Tips and pmhub, derhem. derhem said: RT @PMExamTips: PMHUB: Secondary versus Residual Risk #PMOT […]

  • Gerhard, wonderful clarification and thank you! The reinforcement that residual risk first requires treatment via Q/Q risk assessment is perfect. They’re those “unknown, unknown’s” that linger. Secondary risks are what happen as you invoke the Risk response.

    As an aside, one of my favorite author’s during my Master’s in Management (early 90’s) was Herbert A Simon – sort of the grandfather of semi structured decision making in uncertainty. He wrote a good amount in the known-unknown to unknown-unknown continuum of decision making.