Secondary Risk is a risk that arises as a direct result of implementing a risk response.
It is not part of the original risk set but emerges from actions taken to address existing risks. While responses are intended to mitigate or exploit, they can introduce new uncertainties that must also be identified, assessed, and managed.
Key Characteristics
- Response-Triggered – Caused by the execution of another risk response
- Requires Management – Subject to identification, analysis, and planning
- May Be Positive or Negative – Can represent new threats or opportunities
- Documented in Risk Register – Tracked alongside original and residual risks
Example Scenarios
- Outsourcing a risky activity introduces data security risks with a third-party vendor
- Mitigating a schedule risk by fast tracking causes increased rework or confusion
- Installing backup power to avoid downtime creates a risk of electrical overload
Role in Risk Planning and Monitoring
- Ensures Full Risk Awareness – Captures the ripple effects of planned responses
- Supports Proactive Management – Prevents oversight of new risks created by mitigation
- Strengthens Risk Documentation – Reinforces a complete view of the project’s risk landscape
- Links with Residual Risk – Managed in tandem as part of comprehensive risk control
See also: Residual Risk, Risk Response Plan, Risk Register, Mitigate Risk, Monitor Risks.