
What is a Residual Risk?

Residual risk is what's left after a risk response is implemented. Mitigation reduces a risk; it rarely erases it. The leftover stays on the register, gets monitored, and is typically covered by contingency reserve.

Its exam twin is secondary risk: a brand-new risk created by the response itself. Keep them straight — residual is the shrunken original; secondary is a new problem your solution invented.

Worked example

A team mitigates "lead developer might leave" by cross-training two others. The residual risk: a departure still costs some velocity, just less. The secondary risk: cross-training time slows this sprint's delivery. Both go on the register — one shrunken, one newborn.
