Chapter 11: Project Risk Management

Question 1

The Project Risk Management processes are:

Answer 1

Plan Risk Management, Identify Risks, Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk Responses, Implement Risk Responses, Monitor Risks

Question 2

Define “Individual project risk”

Answer 2

An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives

Question 3

Define “Overall project risk”

Answer 3

The effect of uncertainty on the project as a whole, arising from all sources of uncertainty including individual risks, representing the exposure of stakeholders to the implications of variations in project outcome, both positive and negative

Question 4

True or false: Individual project risks can have a positive or negative effect on project objectives if they occur

Answer 4

True

Question 5

True or false: Project Risk Management processes should be conducted iteratively

Answer 5

True. Risks will continue to emerge during the lifetime of the project

Question 6

Define “Risk threshold”

Answer 6

Risk thresholds express the degree of acceptable variation around a project objective. They are explicitly stated and communicated to the project team and reflected in the definitions of risk impact levels for the project

Question 7

What are some possible examples of Non-event risks?

Answer 7

A key seller may go out of business during the project, the customer may change the requirement after design is complete, or a subcontractor may propose enhancements to the standard operating processes

Question 8

There are two main types of non-event risks:

Answer 8

Variability risk: Uncertainty exists about some key characteristics of a planned event or activity or decision. And Ambiguity risk: Uncertainty exists about what might happen in the future

Question 9

Variability risks can be addressed using _____ analysis, with the range of variation reflected in probability distributions, followed by actions to reduce the spread of possible outcomes

Answer 9

Monte Carlo

Question 10

Emergent risks can be tackled through developing _______

Answer 10

project resilience

Question 11

Emergent risks can be tackled through developing project resilience. This requires each project to have:

Answer 11

1. Right level of budget and schedule contingency for emergent risks, in addition to a specific risk budget for known risks, 2. Flexible project processes that can cope with emergent risk while maintaining overall direction toward project goals, including strong change management, 3. Empowered project team that has clear objectives and that is trusted to get the job done within agreed- upon limits, 4. Frequent review of early warning signs to identify emergent risks as early as possible, 5. Clear input from stakeholders to clarify areas where the project scope or strategy can be adjusted in response to emergent risks

Question 12

Considerations for tailoring Project sizeProject Risk Management include but are not limited to:

Answer 12

Project size, Project complexity, Project importance, Development approach

Question 13

True or false: The Plan Risk Management process should begin when the first iterations and/or activities begin

Answer 13

False. The Plan Risk Management process should begin when a project is conceived and should be completed early in the project. It may be necessary to revisit this process later in the project life cycle, for example at a major phase change, etc.

Question 14

Data analysis techniques that can be used for the Plan Risk Management process includes but are not limited to:

Answer 14

A stakeholder analysis to determine the risk appetite of project stakeholders

Question 15

Define “risk breakdown structure (RBS)”

Answer 15

A hierarchical representation of potential sources of risk. An RBS helps the project team consider the full range of sources from which individual project risks may arise. This can be useful when identifying risks or when categorizing identified risks

Question 16

The risk appetites of key stakeholders on the project are recorded in the _____

Answer 16

risk management plan

Question 17

Define “Definitions of risk probability and impacts”

Answer 17

They are specific to the project context and reflect the risk appetite and thresholds of the organization and key stakeholders. The project may generate specific definitions of probability and impact levels or it may start with general definitions provided by the organization. The number of levels reflects the degree of detail required for the Project Risk Management process, with more levels used for a more detailed risk approach (typically five levels), and fewer for a simple process (usually three)

Question 18

Define “Reporting formats”

Answer 18

Reporting formats define how the outcomes of the Project Risk Management process will be documented, analyzed, and communicated

Question 19

Identify Risks is an _____ process, since new individual project risks may emerge as the project progresses through its life cycle and the level of overall project risk will also change

Answer 19

iterative

Question 20

The enterprise environmental factors that can influence the Identify Risks process include but are not limited to:

Answer 20

Published material, including commercial risk databases or checklists, Academic studies, Benchmarking results, and Industry studies of similar projects

Question 21

Define “SWOT analysis”

Answer 21

This technique examines the project from each of the strengths, weaknesses, opportunities, and threats (SWOT) perspectives. For risk identification, it is used to increase the breadth of identified risks by including internally generated risks. It identifies any opportunities for the project that may arise from strengths, and any threats resulting from weaknesses

Question 22

Define “prompt list”

Answer 22

A prompt list is a predetermined list of risk categories that might give rise to individual project risks and that could also act as sources of overall project risk. The prompt list can be used as a framework to aid the project team in idea generation when using risk identification techniques

Question 23

On completion of the Identify Risks process, the content of the risk register may include but is not limited to:

Answer 23

List of identified risks, Potential risk owners, List of potential risk responses

Question 24

Define the process “Perform Qualitative Risk Analysis”

Answer 24

It is the process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics. The key benefit of this process is that it focuses efforts on high-priority risks

Question 25

Where a facilitator is used to support the Perform Qualitative Risk Analysis process, addressing ____ is a key part of the facilitator’s role

Answer 25

bias

Question 26

Define “Risk data quality assessment”

Answer 26

It evaluates the degree to which the data about individual project risks is accurate and reliable as a basis for qualitative risk analysis. The use of low-quality risk data may lead to a qualitative risk analysis that is of little use to the project. Risk data quality may be assessed via a questionnaire measuring the project’s stakeholder perceptions of various characteristics, which may include completeness, objectivity, relevancy, and timeliness. A weighted average of selected data quality characteristics can then be generated to give an overall quality score

Question 27

Define “Risk probability and impact assessment”

Answer 27

Risk probability assessment considers the likelihood that a specific risk will occur. Risk impact assessment considers the potential effect on one or more project objectives such as schedule, cost, quality, or performance. Impacts will be negative for threats and positive for opportunities

Question 28

Define “Assessment of other risk parameters”

Answer 28

The project team may consider other characteristics of risk (in addition to probability and impact) when prioritizing individual project risks for further analysis and action

Question 29

The considered characteristics involved in the technique “Assessment of other risk parameters” may include but are not limited to:

Answer 29

Urgency, Proximity, Dormancy, Manageability, Controllability, Detectability, Connectivity, Strategic impact, Propinquity

Question 30

Define “Propinquity”

Answer 30

The degree to which a risk is perceived to matter by one or more stakeholders. Where a risk is perceived as very significant, propinquity is high

Question 31

Define “Probability and impact matrix”

Answer 31

It is a grid for mapping the probability of each risk occurrence and its impact on project objectives if that risk occurs. This matrix specifies combinations of probability and impact that allow individual project risks to be divided into priority groups

Question 32

Define “Hierarchical charts”

Answer 32

Where risks have been categorized using more than two parameters, the probability and impact matrix cannot be used and other graphical representations are required. For example, a bubble chart displays three dimensions of data, where each risk is plotted as a disk (bubble), and the three parameters are represented by the x-axis value, the y-axis value, and the bubble size

Question 33

A Risk Workshop is a specialized kind of _____

Answer 33

meeting

Question 34

Use of a skilled _____ will increase the effectiveness of a meeting

Answer 34

facilitator

Question 35

Define the process “Perform Quantitative Risk Analysis”

Answer 35

It is the process of numerically analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives. The key benefit of this process is that it quantifies overall project risk exposure, and it can also provide additional quantitative risk information to support risk response planning

Question 36

True or false: the process Perform Quantitative Risk Analysis is not required for all projects

Answer 36

True

Question 37

Where the duration, cost, or resource requirement for a planned activity is uncertain, the range of possible values can be represented in the model as a ______

Answer 37

probability distribution

Question 38

What are some of the most commonly used forms of probability distribution?

Answer 38

triangular, normal, lognormal, beta, uniform, or discrete distributions

Question 39

Simulations are typically performed using a _____ analysis

Answer 39

Monte Carlo

Question 40

Define “Sensitivity analysis”

Answer 40

Sensitivity analysis helps to determine which individual project risks or other sources of uncertainty have the most potential impact on project outcomes. It correlates variations in project outcomes with variations in elements of the quantitative risk analysis model

Question 41

Define “tornado diagram”

Answer 41

A tornado diagram is a typical display of sensitivity analysis, which presents the calculated correlation coefficient for each element of the quantitative risk analysis model that can influence the project outcome. Items are ordered by descending strength of correlation, giving the typical tornado appearance

Question 42

Define “Decision tree analysis”

Answer 42

Decision trees are used to support selection of the best of several alternative courses of action. Alternative paths through the project are shown in the decision tree using branches representing different decisions or events, each of which can have associated costs and related individual project risks (including both threats and opportunities). The decision tree is evaluated by calculating the expected monetary value of each branch, allowing the optimal path to be selected

Question 43

Define “Influence diagrams”

Answer 43

Influence diagrams are graphical aids to decision making under uncertainty. An influence diagram represents a project or situation within the project as a set of entities, outcomes, and influences, together with the relationships and effects between them. Where an element in the influence diagram is uncertain as a result of the existence of individual project risks or other sources of uncertainty, this can be represented in the influence diagram using ranges or probability distributions. The influence diagram is then evaluated using a simulation technique, such as Monte Carlo analysis, to indicate which elements have the greatest influence on key outcomes

Question 44

The risk report will be updated to reflect the results of the quantitative risk analysis. This will typically include:

Answer 44

Assessment of overall project risk exposure, Detailed probabilistic analysis of the project, Prioritized list of individual project risks, Trends in quantitative risk analysis results, Recommended risk responses

Question 45

When conducting an assessment of overall project risk exposure, overall project risk is reflected in two key measures:

Answer 45

Chances of project success, indicated by the probability that the project will achieve its key objectives (e.g., required end date or interim milestones, required cost target, etc.) given the identified individual project risks and other sources of uncertainty, AND
Degree of inherent variability remaining within the project at the time the analysis was conducted, indicated by the range of possible project outcomes

Question 46

Risk responses should be:

Answer 46

Appropriate for the significance of the risk, cost-effective in meeting the challenge, realistic within the project context, agreed upon by all parties involved, and owned by a responsible person

Question 47

Define “Secondary risks”

Answer 47

Secondary risks are risks that arise as a direct result of implementing a risk response

Question 48

The _____ [document] identifies the nominated risk owner for each risk

Answer 48

risk register

Question 49

Five alternative strategies may be considered for dealing with threats, as follows:

Answer 49

Escalate, Avoid, Transfer, Mitigate, Accept

Question 50

Define “Escalate” as a strategy to deal with risks and threats

Answer 50

Escalation is appropriate when the project team or the project sponsor agrees that a threat is outside the scope of the project or that the proposed response would exceed the project manager’s authority. Escalated risks are managed at the program level, portfolio level, or other relevant part of the organization, and not on the project level. The project manager determines who should be notified about the threat and communicates the details to that person or part of the organization. Escalated threats are not monitored further by the project team after escalation, although they may be recorded in the risk register for information

Question 51

Define “Avoid” as a strategy to deal with risks and threats

Answer 51

Risk avoidance is when the project team acts to eliminate the threat or protect the project from its impact. It may be appropriate for high-priority threats with a high probability of occurrence and a large negative impact. Examples of avoidance actions may include removing the cause of a threat, extending the schedule, changing the project strategy, or reducing scope

Question 52

Define “Transfer” as a strategy to deal with risks and threats

Answer 52

Transfer involves shifting ownership of a threat to a third party to manage the risk and to bear the impact if the threat occurs. Risk transfer often involves payment of a risk premium to the party taking on the threat. Transfer can be achieved by a range of actions, which include but are not limited to the use of insurance, performance bonds, warranties, guarantees, etc. Agreements may be used to transfer ownership and liability for specified risks to another party

Question 53

Define “Mitigate” as a strategy to deal with risks and threats

Answer 53

In risk mitigation, action is taken to reduce the probability of occurrence and/or impact of a threat. Early mitigation action is often more effective than trying to repair the damage after the threat has occurred. Adopting less complex processes, conducting more tests, or choosing a more stable seller are examples of mitigation actions

Question 54

Define “Accept” as a strategy to deal with risks and threats

Answer 54

Risk acceptance acknowledges the existence of a threat, but no proactive action is taken. This strategy may be appropriate for low-priority threats, and it may also be adopted where it is not possible or cost-effective to address a threat in any other way. Acceptance can be either active or passive. The most common active acceptance strategy is to establish a contingency reserve, including amounts of time, money, or resources to handle the threat if it occurs. Passive acceptance involves no proactive action apart from periodic review of the threat to ensure that it does not change significantly

Question 55

Five alternative strategies may be considered for dealing with opportunities, as follows:

Answer 55

Escalate, Exploit, Share, Enhance, Accept

Question 56

Define “Escalate” as a strategy to deal with risk opportunities

Answer 56

This risk response strategy is appropriate when the project team or the project sponsor agrees that an opportunity is outside the scope of the project or that the proposed response would exceed the project manager’s authority. Escalated opportunities are managed at the program level, portfolio level, or other relevant part of the organization, and not on the project level. Opportunities are usually escalated to the level that matches the objectives that would be affected if the opportunity occurred. Escalated opportunities are not monitored further by the project team after escalation, although they may be recorded in the risk register for information

Question 57

Define “Exploit” as a strategy to deal with risk opportunities

Answer 57

The exploit strategy may be selected for high-priority opportunities where the organization wants to ensure that the opportunity is realized. This strategy seeks to capture the benefit associated with a particular opportunity by ensuring that it definitely happens, increasing the probability of occurrence to 100%. Examples of exploiting responses may include assigning an organization’s most talented resources to the project to reduce the time to completion, or using new technologies or technology upgrades to reduce cost and duration

Question 58

Define “Share” as a strategy to deal with risk opportunities

Answer 58

Sharing involves transferring ownership of an opportunity to a third party so that it shares some of the benefit if the opportunity occurs. It is important to select the new owner of a shared opportunity carefully so they are best able to capture the opportunity for the benefit of the project. Risk sharing often involves payment of a risk premium to the party taking on the opportunity. Examples of sharing actions include forming risk-sharing partnerships, teams, special-purpose companies, or joint ventures

Question 59

Define “Enhance” as a strategy to deal with risk opportunities

Answer 59

The enhance strategy is used to increase the probability and/or impact of an opportunity. Early enhancement action is often more effective than trying to improve the benefit after the opportunity has occurred. The probability of occurrence of an opportunity may be increased by focusing attention on its causes. Where it is not possible to increase probability, an enhancement response might increase the impact by targeting factors that drive the size of the potential benefit. Examples of enhancing opportunities include adding more resources to an activity to finish early

Question 60

Define “Accept” as a strategy to deal with risk opportunities

Answer 60

Accepting an opportunity acknowledges its existence but no proactive action is taken. This strategy may be appropriate for low-priority opportunities, and it may also be adopted where it is not possible or cost-effective to address an opportunity in any other way. Acceptance can be either active or passive. The most common active acceptance strategy is to establish a contingency reserve, including amounts of time, money, or resources to take advantage of the opportunity if it occurs. Passive acceptance involves no proactive action apart from periodic review of the opportunity to ensure that it does not change significantly

Question 61

True or false: When formulating plans to address risks, some responses are designed for use only if certain events occur

Answer 61

True. Risk responses identified using this technique are often called contingency plans or fallback plans and include identified triggering events that set the plans in effect

Question 62

Define the process “Implement Risk Responses”

Answer 62

It is the process of implementing agreed-upon risk response plans. The key benefit of this process is that it ensures that agreed-upon risk responses are executed as planned in order to address overall project risk exposure, minimize individual project threats, and maximize individual project opportunities

Question 63

Proper attention to the _______ process will ensure that agreed-upon risk responses are actually executed

Answer 63

Implement Risk Responses

Question 64

Define the process “Monitor Risks”

Answer 64

Monitor Risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project. The key benefit of this process is that it enables project decisions to be based on current information about overall project risk exposure and individual project risks

Question 65

The Monitor Risks process uses performance information generated during project execution to determine if:

Answer 65

Implemented risk responses are effective, Level of overall project risk has changed, Status of identified individual project risks has changed, New individual project risks have arisen, Risk management approach is still appropriate, Project assumptions are still valid, Risk management policies and procedures are being followed, Contingency reserves for cost or schedule require modification, and Project strategy is still valid

Question 66

Data analysis techniques that can be used for the Monitor Risks process include but are not limited to:

Answer 66

Technical performance analysis, and Reserve analysis

Question 67

Define “Technical performance analysis”

Answer 67

It compares technical accomplishments during project execution to the schedule of technical achievement. It requires the definition of objective, quantifiable measures of technical performance, which can be used to compare actual results against targets. Such technical performance measures may include weight, transaction times, number of delivered defects, storage capacity, etc. Deviation can indicate the potential impact of threats or opportunities

Question 68

Define “Reserve analysis”

Answer 68

Throughout execution of the project, some individual project risks may occur with positive or negative impacts on budget or schedule contingency reserves. Reserve analysis compares the amount of the contingency reserves remaining to the amount of risk remaining at any time in the project in order to determine if the remaining reserve is adequate. This may be communicated using various graphical representations, including a burndown chart