As per the risk analysis process carried out for a project, two risks are registered. The probability risk
A will occur is 40% and its monetary impact to the project is US$100,000. The probability risk B will
occur is 60% and its monetary impact to the project is US$20,000.
What is the total contingency budget that should be created?
B
Explanation:
In risk management, to calculate the contingency budget for risks, we use the Expected Monetary
Value (EMV) formula: EMV=Probability of Risk×Impact of Risk\text{EMV} = \text{Probability of Risk}
\times \text{Impact of Risk}EMV=Probability of Risk×Impact of Risk
For Risk A:
Probability: 40% or 0.40
Impact: US$100,000\text{EMV of Risk A} = 0.40 \times 100,000 = US$40,000
For Risk B:
Probability: 60% or 0.60
Impact: US$20,000\text{EMV of Risk B} = 0.60 \times 20,000 = US$12,000
Total contingency budget = EMV of Risk A + EMV of Risk B
40,000 + 12,000 = US$52,000
Thus, the total contingency budget required for both risks is US$52,000. This approach follows PMI’s
risk management guidelines, specifically under the "Quantitative Risk Analysis" process. This process
focuses on determining numerical probabilities and monetary impacts to compute the expected
financial impact of identified risks .
A risk manager notices that a risk owner is facing challenges implementing their response strategy
and the costs are significantly exceeding expectations. What is the first thing the risk manager should
do?
D
Explanation:
The first thing the risk manager should do is analyze the situation and meet with the risk owner. This
will allow the risk manager to understand the challenges faced by the risk owner and work with them
to find a solution. Conducting a cost-benefit analysis or changing the risk response strategy may be
necessary, but it is important to first understand the situation before taking any action.
According to the PMI-RMP Exam Content Outline, one of the tasks in the domain of Risk Response
Planning is to “assist the risk owners in developing and implementing risk response strategies and
actions based on the agreed-upon risk response plan”. Therefore, the first thing the risk manager
should do is to analyze the situation and meet with the risk owner to understand the root cause of
the challenges and the cost overrun, and to discuss possible solutions or alternatives. Highlighting
this situation to the project manager, conducting a cost-benefit analysis, or changing the risk
response strategy are possible actions that can be taken after the analysis and meeting, but not
before. Reference: PMI-RMP Exam Content Outline, Domain 3: Risk Response Planning, Task 31
The risk manager also serves as a facilitator for a project and realizes the project team members have
biases impacting how they perceive risks. What analysis is currently being used?
C
Explanation:
The analysis currently being used is qualitative risk analysis. Qualitative risk analysis involves
assessing risks based on their likelihood of occurrence and their potential impact on the project. This
type of analysis can help identify biases that may be impacting how team members perceive risks.
Qualitative risk analysis is the process of prioritizing individual project risks for further analysis or
action by assessing their probability of occurrence and impact as well as other characteristics.
Qualitative risk analysis helps to identify the most significant risks that require attention and
response planning. One of the tools and techniques used in qualitative risk analysis is risk data
quality assessment, which evaluates the degree to which the data about individual project risks is
useful for risk management. Risk data quality assessment considers various aspects of data quality,
such as reliability, accuracy, integrity, precision, and bias. Bias is the tendency of human judgment to
be influenced by personal or organizational preferences, assumptions, beliefs, or emotions, rather
than by objective facts or evidence. Bias can affect how project team members perceive and assess
risks, leading to inaccurate or incomplete risk analysis results. Therefore, the risk manager who
realizes the project team members have biases impacting how they perceive risks is currently using
qualitative risk analysis to prioritize the risks and assess the quality of risk data. Reference: PMI,
Practice Standard for Project Risk Management, 2009, p. 37-38, 41-42.
A project manager has requested a risk manager facilitate risk identification on a project. While
facilitating this effort, the project manager wants to ensure that stakeholders interact and provide
their expertise so that an exhaustive list of risks is created.
Which risk identification technique should the risk manager use?
D
Explanation:
The risk identification technique that the risk manager should use is the nominal group technique.
This technique involves bringing stakeholders together to brainstorm potential risks and then ranking
them based on their importance. This allows for interaction and collaboration among stakeholders,
which can help ensure that an exhaustive list of risks is created.
The nominal group technique is a risk identification technique that involves the interaction and
collaboration of stakeholders to generate an exhaustive list of risks. It is a structured process that
allows each participant to share their ideas independently, then rank and prioritize them as a
group. This technique ensures that all opinions are considered and reduces the influence of
dominant or biased individuals12
: 1: PMI Risk Management Professional (PMI-RMP)® Handbook, page 10 2: A Guide to the Project
Management Body of Knowledge (PMBOK® Guide) – Seventh Edition, page 11.2.2.1
.
In a project to promote public health and mitigate health risks, the national health authorities intend
to take actions to limit the risks of harmful insects by using pesticides; however, it is expected that
some residents will have negative health effects due to the use of the pesticides but according to the
assessment completed by the health authorities, not moving forward with this plan will have much
more serious consequences on public health rather than following through with the original plan.
How should the project manager address this concern with the health authorities?
C
Explanation:
The project manager should assess and record associated secondary risks and proceed to treat them
as any other risks. This involves identifying and evaluating the potential negative health effects of
using pesticides and developing a plan to mitigate these risks. While it is important to consider the
concerns of residents, the health authorities have determined that not moving forward with the plan
will have more serious consequences on public health.
Secondary risks are those that arise as a direct outcome of implementing a risk response. In this
case, the use of pesticides is a risk response to limit the risks of harmful insects, but it may also cause
negative health effects to some residents. This is a secondary risk that needs to be assessed and
recorded in the risk register, along with its probability, impact, and response plan. The project
manager should not suspend the project, as this would ignore the primary risk of harmful insects.
The project manager should not consult with health experts to provide a risk trigger, as this is not a
valid risk management technique. A risk trigger is an indication that a risk event is about to occur or
has occurred, not a condition that prevents a risk response from being implemented. The project
manager should not proceed with the project as normal, as this would neglect the secondary risk and
its potential consequences. The project manager should follow the risk management process and
treat the secondary risk as any other risk in the project. Reference: PMI. (2017). A Guide to the
Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Chapter 11: Project Risk
Management, p. 408. 5
The project manager wants to use an objective method to evaluate the key project risks and develop
response plans.
What action should the risk manager propose?
C
Explanation:
The action that the risk manager should propose is to ask the team to prepare a Monte Carlo
analysis. This is a statistical technique that can be used to model the probability of different
outcomes in a project. By performing a Monte Carlo analysis, the project manager can objectively
evaluate key project risks and develop response plans based on this analysis.
A Monte Carlo analysis is a simul-ation technique that uses probability distributions and random
sampling to model the possible outcomes of a project risk event. It can help the project manager to
evaluate the key project risks and develop response plans based on the expected value, standard
deviation, and confidence intervals of the results. A Monte Carlo analysis can also provide
information on the probability of achieving the project objectives, such as cost, schedule, and
quality. A Monte Carlo analysis is an objective method because it does not rely on subjective
judgments or opinions, but on mathematical calculations and statistical data. Reference: PMBOK
Guide, 6th edition, Section 11.5.2.3, Monte Carlo Analysis1
A company is preparing a formal response to bid for an infrastructure engineering, procurement, and
construction project. When should a risk register be developed to identify risks?
C
Explanation:
A risk register should be developed before submitting a formal bid response to help the company
understand the project's risk profile and account for potential risks in their proposal. This allows the
company to make informed decisions about cost, schedule, and resources. (Reference: Project
Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) –
Sixth Edition, Section 11.2)
A risk register is a document that is used as a risk management tool to identify potential setbacks
within a project. A risk register is typically created at the start of a project (before it begins), and is
regularly referenced and updated throughout the life of a project through deliberate risk monitoring
and control1. A risk register is an important component of any successful risk management process
and helps mitigate potential project delays that could arise. A risk register is shared with project
stakeholders to ensure information is stored in one accessible place2. A risk register also helps to
establish a hierarchy of risks, starting with the most impactful. The goal should be to have a path to
mitigating those risks, reducing the harm they cause, or eliminating them. The register should also
outline what’s considered an acceptable level of risk and how to set up insurance to help offset the
impacts3. Therefore, a risk register should be developed before a formal bid response is provided to
the client to gain a greater understanding of the project’s risk profile. This will help to estimate the
project costs, schedule, and scope more accurately and realistically, as well as to identify the
contingency plans and reserves needed to deal with the potential risks. Developing a risk register
during the project execution phase, when a client project kick-off meeting is held, or after a project
budget is set up with a purchase order are all too late to effectively identify and manage the risks
that could affect the project success. Reference: 2, 3, 1, 4
A risk manager completed risk response planning for a project that is currently in the execution
phase. During a periodic review of the risk register, the project manager recognizes that some key
secondary risks have not been considered.
Who should the project manager hold accountable for missing the risks?
B
Explanation:
The risk manager is responsible for ensuring that all risks, including secondary risks, are identified
and addressed during the risk response planning process. If key secondary risks were missed, the risk
manager should be held accountable. (Reference: Project Management Institute. A Guide to the
Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, Section 11.5)
The risk manager is responsible for identifying and analyzing risks, as well as planning and
implementing risk responses. Secondary risks are those risks that arise as a direct result of
implementing a risk response to a specific risk. The risk manager should have considered the
potential secondary risks during the risk response planning and updated the risk register
accordingly. The project manager should hold the risk manager accountable for missing the
secondary risks and ensure that they are properly addressed12
: 1: PMI Risk Management Professional (PMI-RMP)® Handbook, page 10 2: A Guide to the Project
Management Body of Knowledge (PMBOK® Guide) – Seventh Edition, page 11.2.2.1
.
A project manager is identifying risks on a project and decides to use a risk checklist to gather
historical data accumulated from similar projects. With several different historical project files to
choose from, which two pieces of information should the project manager include in their risk
checklist? (Choose two.)
C,D
Explanation:
A risk checklist is a tool for identifying risks based on historical information and knowledge from
similar projects. It is a list of potential risk sources or categories that can be used to prompt the
project team to consider possible risks that may affect the project. A risk checklist should include
information that is relevant and useful for identifying risks, such as lessons learned from similar
completed projects and previous project risks that may be relevant to this project. These two pieces
of information can help the project manager to learn from past experiences and avoid repeating the
same mistakes or overlooking the same threats or opportunities. A risk checklist should not include
information that is not directly related to risk identification, such as budget variance data from
previously completed projects, project scope and cost management plans from previous projects, or
stakeholder analysis metrics from projects with similar risk profiles. These pieces of information may
be useful for other aspects of project management, such as planning, monitoring, or controlling, but
they are not helpful for identifying risks on a project. Reference: PMI. (2017). A Guide to the Project
Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Chapter 11: Project Risk
Management, p. 397. 5
Lessons learned and previous project risks are valuable sources of information for creating a risk
checklist. They provide insights into potential risks that may impact the current project and help the
project manager develop appropriate risk responses. Budget variance data, project scope and cost
management plans, and stakeholder analysis metrics, although useful, are not directly related to risk
identification. (Reference: Project Management Institute. A Guide to the Project Management Body
of Knowledge (PMBOK® Guide) – Sixth Edition, Section 11.2)
During the design phase the project team is exploring various architecture options. After reviewing
the results of design pilot, two conflicting infrastructure pieces were identified.
What action should the project manager take?
D
Explanation:
According to the PMBOK Guide, 6th edition, Section 11.2.1.2, Assumptions Log, an assumption is a
factor that is considered to be true, real, or certain without proof or demonstration. Assumptions can
affect the project planning and execution, and should be identified, documented, validated, and
updated throughout the project life cycle. The assumptions log is an output of the Identify Risks
process, and it records the project assumptions and their potential impact, validity, and priority. If
the assumptions are found to be invalid or inaccurate, they may introduce new risks or change the
existing risk exposure. Therefore, the project manager should update the assumptions log and assess
the risk associated with the conflicting infrastructure pieces, and plan appropriate risk responses if
needed. Reference: PMBOK Guide, 6th edition, Section 11.2.1.2, Assumptions Log
When conflicting infrastructure pieces are identified, the project manager should update the
assumptions log to reflect the new information and assess the risks associated with the conflicting
pieces. This allows the project manager to make informed decisions about how to address potential
issues and avoid future problems. (Reference: Project Management Institute. A Guide to the Project
Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, Section 11.3)
An organization faces immense competition in the market and decides 10 accelerate a key project.
What is the first action for the project risk manager to take?
B
Explanation:
The risk management plan is a document that describes how risk management activities will be
structured and performed on a project. It defines the roles and responsibilities, risk categories, risk
appetite and thresholds, risk identification and analysis methods, risk response strategies, risk
monitoring and reporting mechanisms, and risk governance mechanisms1. The risk management
plan should be aligned with the project management plan, which defines the project scope,
schedule, cost, quality, and other aspects2. When an organization decides to accelerate a key project,
it means that the project objectives, assumptions, constraints, and environment have changed. This
will affect the risk exposure and profile of the project, as well as the risk management approach and
resources. Therefore, the first action for the project risk manager to take is to revise the risk
management plan to reflect the new situation and ensure that the risk management process is still
effective and efficient. Revising the risk management plan may involve updating the risk categories,
risk appetite and thresholds, risk identification and analysis methods, risk response strategies, risk
monitoring and reporting mechanisms, and risk governance mechanisms to suit the accelerated
project. The project risk manager should also communicate the revised risk management plan to the
relevant stakeholders and obtain their approval and support1. Ensuring sufficient resources are
available, updating the risk register, and meeting with the project’s stakeholders are all important
actions to take when accelerating a project, but they are not the first action. These actions should be
done after revising the risk management plan, as they depend on the updated risk management
approach and process. For example, the project risk manager may need to allocate more resources to
risk management activities, identify and analyze new or changed risks, implement new or modified
risk responses, and report the risk status and performance to the stakeholders based on the revised
risk management plan1. Reference: 2, 1.
When a project is accelerated, the risk landscape changes. The project risk manager should first
revise the risk management plan to address the new timeline and its potential impacts on the
project. This will help in identifying new risks, reassessing existing risks, and updating risk responses.
A risk management professional is currently facilitating the risk planning process with the project
team. To increase the breadth of considered risks, the team wants to include high-level and strategic
project risks.
What should the risk management professional do next?
C
Explanation:
A SWOT analysis is a risk identification technique that helps to identify high-level and strategic
project risks by examining the internal and external factors that may affect the project objectives. A
SWOT analysis involves listing the strengths, weaknesses, opportunities, and threats of the project,
and then analyzing how they may impact the project positively or negatively. A SWOT analysis can
help to uncover potential risks that may not be obvious from other techniques, such as prompt lists,
interviews, or brainstorming12
: 1: PMI Risk Management Professional (PMI-RMP)® Handbook, page 10 2: A Guide to the Project
Management Body of Knowledge (PMBOK® Guide) – Seventh Edition, page 11.2.2.1
A project is at the final development stage. The test lead informs the risk manager that a key feature
may not be testable due to changes in the environment
What should the risk manager do?
C
Explanation:
The risk manager should review the feature with the project team to determine the cause and
impact of the untestability, and to identify possible solutions or alternatives. The risk manager
should also update the risk register and the risk response plan accordingly. This is the best option
among the given choices, as it involves the relevant stakeholders and follows the risk management
process. Confirming the risk triggers are still valid is not sufficient, as it does not address the problem
or its consequences. Asking the architect to develop acceptance criteria is not appropriate, as it may
not be feasible or effective to test the feature with new criteria. Escalating the issue to the project
board is premature, as it may not be necessary or desirable to involve the senior management
without first analyzing the situation and proposing a course of action. Reference: PMI. (2017). A
Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Chapter 11:
Project Risk Management, pp. 414-415. 5
When a key feature may not be testable due to changes in the environment, the risk manager should
review the feature with the project team to understand the issue, assess its impact, and determine
the appropriate risk response. This collaborative approach ensures that the team has a clear
understanding of the situation and can work together to address the risk.
A risk manager is managing risks of a mission critical application. A subject matter expert (SME) asks
the risk manager to treat every single risk identified as an extremely high priority.
What should the risk manager do?
D
Explanation:
According to the PMBOK Guide, 6th edition, Section 11.6.2.1, Sensitivity Analysis, a sensitivity
analysis is a technique that helps to determine which individual project risks or other sources of
uncertainty have the most potential impact on project outcomes. A sensitivity analysis can be used to
prioritize risks based on their relative effect on the project objectives, such as cost, schedule, quality,
or scope. A sensitivity analysis can also help to identify areas where risk response efforts may be
most effective. Therefore, the risk manager should perform a sensitivity analysis and determine the
correct priority of every identified risk, rather than agreeing with the SME or the project sponsor, or
marking every risk with the same or different priority without proper analysis. Reference: PMBOK
Guide, 6th edition, Section 11.6.2.1, Sensitivity Analysis1
The risk manager should perform a sensitivity analysis to assess the impact of each risk on the
project objectives. This will help in determining the correct priority of every identified risk, ensuring
that resources are allocated effectively and that the most critical risks are addressed first.
The risk manager notices that in their workshops, most of the risks identified are threats. What
should the risk manager do to increase the number of opportunities identified?
C
Explanation:
The risk management plan is a document that describes how risk management activities will be
structured and performed on a project. It defines the roles and responsibilities, risk categories, risk
appetite and thresholds, risk identification and analysis methods, risk response strategies, risk
monitoring and reporting mechanisms, and risk governance mechanisms1. The risk management
plan should be aligned with the project management plan, which defines the project scope,
schedule, cost, quality, and other aspects2. When an organization decides to accelerate a key project,
it means that the project objectives, assumptions, constraints, and environment have changed. This
will affect the risk exposure and profile of the project, as well as the risk management approach and
resources. Therefore, the first action for the project risk manager to take is to revise the risk
management plan to reflect the new situation and ensure that the risk management process is still
effective and efficient. Revising the risk management plan may involve updating the risk categories,
risk appetite and thresholds, risk identification and analysis methods, risk response strategies, risk
monitoring and reporting mechanisms, and risk governance mechanisms to suit the accelerated
project. The project risk manager should also communicate the revised risk management plan to the
relevant stakeholders and obtain their approval and support1. Ensuring sufficient resources are
available, updating the risk register, and meeting with the project’s stakeholders are all important
actions to take when accelerating a project, but they are not the first action. These actions should be
done after revising the risk management plan, as they depend on the updated risk management
approach and process. For example, the project risk manager may need to allocate more resources to
risk management activities, identify and analyze new or changed risks, implement new or modified
risk responses, and report the risk status and performance to the stakeholders based on the revised
risk management plan1. Reference: 2, 1.