Study PMI-RMP Contingency and Residual: key concepts, common traps, and exam decision cues.
Contingency, secondary risks, and residual risks make response execution realistic. PMI-RMP expects you to execute the response and still watch what the response itself changes.
Residual risk is the exposure that remains after the response. Secondary risk is new risk created by the response itself. Strong answers do not treat response execution as the end of thinking. They look for feedback, side effects, and the need to adjust.
Contingency plans also matter because not every response works as expected. A good risk manager knows when to execute the planned response, when to trigger contingency, and when to improvise responsibly because conditions changed.
PMI-RMP often checks whether you understand the difference between the primary response path and the fallback path. The contingency exists in case the planned response is insufficient, delayed, or overtaken by events. If the project has no trigger logic for that fallback, contingency is only paperwork.
The stronger answer usually defines:
Another common trap is closing a risk too early because the project started acting on it. PMI-RMP usually rejects that move. If material exposure remains, the risk is still part of the management picture even after the main response begins.
The stronger answer usually asks what remains, not just what has started.
When the response changes delivery method, vendors, interfaces, approvals, or timing, it can create new uncertainty. That new uncertainty should be treated as real project exposure. If it is significant enough, it belongs in the process, not as a side comment.
This is one of the cleaner ways PMI-RMP tests whether you see risk management as dynamic rather than linear.
| Term | What it means | Stronger response |
|---|---|---|
| residual risk | exposure that remains after the planned response | keep monitoring and decide whether additional action is needed |
| secondary risk | a new risk created by the response itself | record and manage it as a real new exposure |
| contingency plan | the fallback action if the main response is insufficient or conditions change | define the trigger and execution logic before the risk event forces improvisation |
| Situation | Stronger PMI-RMP move |
|---|---|
| main response is underway but exposure remains | keep the risk open as residual rather than closing it automatically |
| response changes the delivery model or supplier profile | assess whether new secondary risks were introduced |
| monitored conditions cross a defined threshold | execute the contingency path instead of pretending the main response is enough |
| stakeholders report response side effects | use that feedback to adjust the response and monitoring logic |
Risk response is not “set and forget.” If stakeholders, metrics, or field conditions show that the response is underperforming or creating side effects, the project should adjust. PMI-RMP usually rewards controlled adaptation rather than blind loyalty to the original response plan.
Stronger answers:
Weaker answers:
The response is not the end of the risk story. On PMI-RMP, the stronger answer often asks: what remains, what changed, and what new exposure did the response create?
A team begins a response that reduces one threat, but the change introduces a new dependency and still leaves some exposure in place. The contingency plan exists in the documentation, but no one has defined the threshold that would trigger it.
The stronger PMI-RMP move is to manage the residual and secondary effects explicitly and make the contingency path usable. The weak move is to act as though starting the response means the original risk is finished.
A mitigation action reduces one technical threat but creates a new vendor dependency and leaves some schedule exposure in place. What is the strongest next step?
A. Close the original risk because action has started B. Record the remaining exposure as residual risk and the new vendor dependency as secondary risk, then continue monitoring both C. Delete the new dependency because it was caused by a planned response D. Treat the remaining schedule exposure as an issue only
Best answer: B
PMI-RMP explicitly expects monitoring of residual and secondary risks after response execution. B preserves that discipline. A closes too early. C ignores a real new risk. D changes classification without evidence that the uncertainty is no longer future-facing.