In PPM Express, Inherited and Residual risks help assess project exposure at different stages of mitigation. Although both are related to the same risk, they represent different points in the risk lifecycle.
Inherited Risks and Risk Scores
Inherited Risk (also known as Initial or Gross risk) represents the level of exposure before any mitigating actions are applied.
It shows what the situation would look like if the risk occurred today, assuming no controls or responses are in place.
- Purpose: Identify the raw severity of the risk.
- Typical Calculation: Inherited Risk Score = Probability × Impact (before mitigation)
- Use Case: Helps prioritize which risks require attention or action first.
Example: If a supplier delay could cause a 3-week project slip and there are no backup vendors, this is the inherited exposure.
Residual Risks and Risk Scores
Residual Risk represents the risk that remains after mitigation measures have been implemented.
It reflects the realistic exposure considering the planned or completed risk responses.
- Purpose: Evaluate the effectiveness of mitigation actions.
- Typical Calculation: Residual Risk Score = Probability × Impact (after mitigation)
- Use Case: Helps monitor if controls have reduced the risk to an acceptable level.
Example: After securing an alternative supplier and updating the schedule buffer, the probability or impact decreases.
Comparing the Two
| Aspect | Inherited Risk | Residual Risk |
|---|---|---|
| Timing | Before mitigation | After mitigation |
| Reflects | Raw, uncontrolled exposure | Controlled, remaining exposure |
| Used for | Prioritization & planning | Monitoring & review |
| Risk Score | Usually higher | Usually lower |
Regularly updating Residual Risk Scores helps ensure your mitigation plans are effective and risks remain within acceptable limits.
Residual and Inherited Risks in PPM Express
Applies to: Risks in Projects, Programs, Portfolios, and Ideas.
Risk Management functionality in PPM Express supports the concepts of Inherited and Residual risks, helping you evaluate and compare the risk level before and after mitigation.
To support these concepts, PPM Express includes additional fields for risks:
- Impact: The potential severity of the risk’s consequences after mitigation (Residual Impact). Recommended range: 1 (low) to 10 (high).
- Probability, %: The likelihood of the risk occurring after mitigation (Residual Probability). Scale: 0–100%.
-
Residual Risk Score: Calculated as Residual Risk Score = (Probability, % * Impact) / 100.
This field represents the risk level after mitigation. This field is system-calculated and cannot be edited manually on the UI, via CSV import, sync, or via API. - Inherited Probability, %: The likelihood of the risk occurring before mitigation or control. Scale: 0-100%.
- Inherited Impact: The potential severity of the risk’s consequences before mitigation. Recommended range: 1-10.
-
Inherited Risk Score: The initial risk score is calculated as (Inherited Risk Score = (Inherited Probability % * Inherited Impact) / 100, representing the risk level before mitigation.
This field is also system-calculated and cannot be edited manually, via import, sync, or API. - Mitigation Plan: Describes measures implemented to reduce the probability or impact of a risk.
- Contingency Plan: Outlines the response actions if the risk occurs.
When a project is initiated from an Idea with Risks, the risks are copied into the project with their field values.