Skip to main content

Residual Risks and Secondary Risks

Residual risk is the level of risk that remains after all possible measures have been taken to mitigate or eliminate a particular risk.

It is the risk that an event will still occur despite the implementation of risk management controls or strategies.

Residual risk example in banking:

  • Inability to clear debt
  • Risk of a loan applicant losing their job
  • Guarantor's refusal or delay to pay
Here are some steps organizations can take to address residual risk:

  • Identify requirements: Determine relevant governance, risk, and compliance requirements.
  • Evaluate controls: Assess the strengths and weaknesses of the organization's control framework.
  • Acknowledge risks: Recognize existing risks.
  • Define risk appetite: Determine the organization's risk tolerance level.
  • Implement recovery strategies: Conduct recovery exercises that are realistic and rigorous.
  • Transfer risk: Shift the potential loss from an adverse outcome to a third party, such as through purchasing insurance.
  • Accept risk: Accept responsibility for any losses incurred by remaining residual risks.


What Are Secondary Risks?

The PMBOK Guide defines secondary risks as “those risks that arise as a direct outcome of implementing a risk response.” In other words, you identify risk and have a response plan in place to deal with that risk. Once this plan is implemented, the new risk that may arise from the implementation - that’s a secondary risk. 

Secondary Risk examples:
  • Manufacturing company: A company might offer a promotion to attract more customers for a new product, but this could lead to a secondary risk of running out of inventory.
  • Health insurance policy: The premium payments for a health insurance policy are a secondary risk.


Comments

Popular posts from this blog

Certified Enterprise Architect Professional (CEAP) - Module 4 - Architecture Precursors

 Architecture Precursors: Precursors to modern Enterprise Architecture (EA) include early frameworks like IBM's Business Systems Planning (BSP), which focused on aligning business strategy with information systems, as well as other Information Systems (IS) architecture methodologies that emerged in the 1970s and 80s, emphasizing the connection between business processes and IT systems, laying the groundwork for the holistic view of an organization that EA represents today; the "Master Plan for Information Systems" by Evans and Hague is also considered a foundational concept in this area. Drivers: internal / external pressure enforce to change the system Aims & Directives: Aims:  Goals Objectives Requirements Directives: Principles (example: Principles can be associated with business, data, applications, infrastructure, or security) Policies (example: Members of the public have minimal access to data) Business Rules (example: A rule directs and restricts a procedure)

Scaled Agile Framework (SAFe)

The Scaled Agile Framework (SAFe) is a set of organizational and workflow patterns for implementing agile practices at an enterprise scale. The framework is a body of knowledge that includes structured guidance on roles and responsibilities, how to plan and manage the work, and values to uphold. Scrum is a simple, flexible approach to adopting Agile that's great for small teams. SAFe is an enterprise-wide Agile framework designed to help bring Agile beyond the team and into the company as a whole. Scaled Agile has built a comprehensive level that includes all the four layers called the team, program, large solutions, and portfolio level. 4 Layers: Portfolio - Strategy, Vision, Roadmap, Strategy goal, Decision making, Budget, Portfolio level metrics,  Program - Align multiple teams towards a common mission, Bring together all the Agile teams, transparency, collaboration, and synchronisation, Scrum of Scrums, Product Owners to define the overall vision. Large Solutions - ar...

4 T's - Technology, Time, Teamwork, Transparency

 1) Technology: Software development technologies are the tools and methods that developers use to design, develop, test, and deploy software applications. These include a wide range of software technologies, such as programming languages, frameworks and libraries, databases, and cloud computing platforms. 2) Time: A timebox is a fixed time period within which a deliverable must be produced in a project management context. It's a time management technique that involves dividing time into individual time periods, each with its own goal, duration, and deadline. Timeboxes are self-contained calendar events that can't be extended once they've started. The fundamental principle of timeboxing is that time in timeboxes can't shift, and once the time runs out, work must stop, even if the task isn't finished.  3) Teamwork: Teamwork in project management is a measure of how well a project's team works together to achieve a goal. It involves collaboration, communication, a...