Manage Risks 2 Flashcards
Your project has been underway for over 8 months, and you and your project team have been effectively conducting frequent risk reassessments throughout the project lifecycle. As a result, the Risk Register has become very large, denoting over 1,500 risks. Additionally, the project will complete in the next 2 months and the sponsor is eager to control risks tightly as the project nears closure. As such, your sponsor recommends that the project team conduct a risk audit. What is the purpose of conducting project risk audits?
A. To control risks
B. To ensure the risk is being adequately managed
C. To identify any residual risks not otherwise noted
D. All of the above
Answer: D
Process - Task 3 - Manage Risks
Project risk response audits are conducted to examine and document the effectiveness of risk response strategies and the performance of risk owners. The purpose is to ensure the response plan is working appropriately, but in doing so, you may find certain residual risks exist which must be handled.
You are conducting risk management activities on your project. You have gathered pertinent stakeholders together and identified all risks. Next, you analyze the risks to determine an appropriate amount of contingency reserves to put into the project baselines. What did you forget to do?
A. You need to Plan Risk Responses before doing determining contingency reserves
B. You need to Identify Stakeholders to ensure you have identified all stakeholders needing to be involved in this process
C. You need to Perform Quantitative Risk Analysis to prioritize the risks before Perform Qualitative Risk Analysis, which you use to identify contingency reserve amounts
D. You need to Perform Qualitative Risk Analysis to prioritize the risks before Perform Quantitative Risk Analysis, which you may use to identify contingency reserve amounts
Answer: D
Process - Task 3 - Manage Risks
Choice D is correct as you need to prioritize the risks (Qualitative Risk Analysis) before you quantify the risks (Quantitative Analysis). Prioritization will result in the risks being prioritized to determine which risks are significant. The risks which are relatively insignificant on probability and impact will be put on a watch list and will not be reviewed quantitatively. Choice A is incorrect as Perform Quantitative Risk Analysis may be used to calculate contingency reserves and results from this process are used as inputs to the Plan Risk Responses process. Choice B is incorrect since this question is not addressing stakeholder input, but rather a step that you missed. Choice C is incorrect as the terms are mismatched.
A hurricane caused power outages just when you were nearing completion of the first phase of your project. When the power was restored, all of the project reports and historical data were lost, with no way of retrieving them. What should have been done to mitigate this risk?
A. Purchase insurance
B. Create a reserve fund
C. Monitor the weather and have a contingency plan for backing up the files in question
D. Schedule the installation outside of the hurricane season
Answer: C
Process - Task 3 - Manage Risks
In this case, keeping an eye on weather conditions and having a back-up plan to protect important information would have minimized the impact of the hurricane. Note that D would be an avoidance tactic.
You and your team have traditionally used probability and impact to assess each risk. However, you have recently come to realize that there are other risk parameters to consider such as strategic impact and urgency. You realize that the probability/impact matrix will not be sufficient to represent these risks graphically, so you instead use a:
A. Stakeholder cube
B. Salience model
C. Bubble chart
D. Risk cube
Answer: C
Process - Task 3 - Manage Risks
A bubble chart displays three dimensions of data, where each risk is plotted as a bubble. Stakeholder cubes and salience models are used for identifying stakeholders. There is no such thing as a risk cube.
A __ __displays three dimensions of data, where each risk is plotted as a __
bubble chart
Stakeholder cubes and salience models are used for identifying __.
Stakeholder cubes and salience models are used for identifying stakeholders.
You are ensuring that agreed-upon risk response plans were implemented, as well as tracking identified risks and identifying and analyzing new risks. Under which project management process does this fall?
A. Plan Risk Responses
B. Identify Risks
C. Perform Quantitative Risk Analysis
D. Monitor Risks
Answer: D
Process - Task 3 - Manage Risks
Monitor Risks also involves the evaluation of risk process effectiveness throughout the project.
Your subject matter experts have identified a risk on the construction project that well exceeds the threshold of risk tolerance of your project. You decide that the best response in this case, rather than mitigate or avoid the risk to the project, is to transfer the risk. Which of the following may be used as a risk transfer tool?
A. Vendor proposal
B. Contract
C. Quotation
D. Project requirements
Answer: B
Process - Task 3 - Manage Risks
Contracts can be used as a risk transfer tool. The risk does not disappear, but the responsibility for the risk is transferred to a third party. Answer A, C, and D are all incorrect. A vendor proposal, a quotation, and project requirements do not serve as risk transfer tools.
A team member identifies a risk that will most likely affect the project but not in this upcoming sprint. The risk event’s probability and impact are currently unknown but will become more clear later in the project. What could you do as the project manager to plan for this risk?
A. Agile is a mindset so keep the team focused on delivery and hope the risk goes away on its own.
B. Do not add it to the risk register till you have sponsor approval.
C. Place the risk on the watch list or risk parking lot.
D. Add the risk to the risk register and schedule risk review meetings to monitor the impact of the risk on the project as it changes.
Answer: D
Process - Task 3 - Manage Risks
Risk reviews can be used in multiple methodologies to aid in planning for emerging risk events or in a high change environment read more in the PMBOK Guide p. 457 11.7.2.3
You are a project manager in the financial industry for a global bank. Your company, sponsor and industry are all risk adverse. All the following are reasons to make a minor update to the risk register except which one?
A. Change in contract terms and conditions
B. Cost management plan is changed
C. Communications management plan is changed
D. The project charter is changed
Answer: D
Process - Task 3 - Manage Risks
A change to the charter is a fundamental change to the project and may require a major adjustment to all aspects of the project management plan.
Risk on a project is characterized by an event that may or may not occur. Increasingly, there is a recognition non-event risks may occur, such as unseasonable weather during a construction phase. There are two main types of non-event risks which are what?
A. Variability risk; ambiguity risk
B. Overall project risk; ambiguity risk
C. Variability risk; overall project risk
D. Emergent risk; overall project risk
Answer: A
Process - Task 3 - Manage Risks
In variability risk, uncertainty exists about some key characteristics of a project, as in the unseasonable weather example. In ambiguity risk, uncertainty exists about what might happen in the future, for example, future developments in regulatory frameworks.
How can the WBS help us to manage risks?
A. Determines the probability of occurrence of risks
B. Allows for review of WBS elements for potential risk events
C. Further defines high-risk areas in the WBS.
D. Includes contingency activities in the WBS
Answer: B
Process - Task 3 - Manage Risks
The WBS will show you all the work to be done, from which you can identify potential categories of risk.
You are a project manager who is finishing off a basement for a private homeowner. Within the scope of the project is to install a backup standby generator, which will run on natural gas, which will automatically switch on if the local utility electric power goes out. This will allow the sump pump to continue to run during power outages created by storms or utility outages, and keep ground water out of the finished basement. The backup generator was installed on the side of the house nearest the gas and electric meters. During a test, the generator performed flawlessly, but it’s very noisy, and you are concerned that the homeowner’s next door neighbor might complain about the noise level if it runs for any significant duration of time. What is this potential situation with the neighbor called?
A. Fallback plan
B. Contingency plan
C. Secondary risk
D. Risk response
Answer: C
Process - Task 3 - Manage Risks
The potential for a neighbor complaining about the noise is a new risk that would result from implementing the primary risk response to the loss of power. This is known as a secondary risk, and should be added to the Risk Register.
A thorough review of the following will help identify potential risks to the project:
A. Risk identification checklists based on historical information and knowledge
B. The project’s change control system
C. The project charter
D. The project budget
Answer: A
Process - Task 3 - Manage Risks
Risk identification checklists can be developed from historical information and knowledge that has been accumulated from previous similar projects, and from other sources of information. These help identify potential risks to the project.
When using an adaptive project life cycle how should the PM manage risk?
A. By first planning for risk to ensure organization risk appetite is considered, then identifying all risks with documentation early in the project.
B. Risk should be considered in each iteration of the project; therefore, risk will be identified, analyzed, and managed during each iteration.
C. Risk should be managed in silos to prevent team members from distractions so that the team can focus on frequent delivery.
D. Risk doesn’t exist in adaptive projects as it is viewed as continuous change.
Answer: B
Process - Task 3 - Manage Risks
Risk will exist in all methodologies to aid in planning for risk in the agile environment. Risk should be considered in each iteration see the Agile Practice Guide p 94
As time passes in a project, which of the following does not happen?
A. Cost of change increases
B. Risk increases
C. Stakeholder influence decreases
D. Cumulative project spending increases
Answer: B
Process - Task 3 - Manage Risks
As time passes in a project the cost of change increases, risk decreases, and stakeholder influence decreases. Cost of change increases because as time passes if you make a change it will likely require rework. Risk decreases because as time passes you complete more work and thus your uncertainty goes down. Stakeholder influence decreases, because you gather information from stakeholders at the beginning of the project and as you go forward you are executing according to the plan rather than according to the whims of the stakeholders.
Risks are uncertain events that may impact a project. While this can mean that some risks are hard to control, it may not mean that they are entirely uncontrollable. Which of the following risks may be an uncontrollable risk?
A. Excessive change orders
B. Workmanship errors
C. Material costs
D. Scope growth
Answer: C
Process - Task 3 - Manage Risks
The market will determine material costs, and the project will have little control over them.
You are the project manager for a large automotive industry company. You are currently assigned to a project to revise the manufacturing facility in Detroit. You are on a very aggressive schedule and a labor union dispute is possible. You need to capture the risk of a work stoppage due to a labor strike. Which input is not used to Identify Risks?
A. Project charter
B. Agreements
C. Procurement Documentation
D. Project Documents
Answer: A
Process - Task 3 - Manage Risks
The project charter is not an input to Identify Risks. Project management plan, agreements, procurement documents, project documents, enterprise environmental factors and organizational process assets are inputs to the Identify Risks process.
You are the project manager for a large manufacturing company. Recent projects have been delayed due to unplanned risk. Your leadership is concerned and you do not want this to happen on your project. You are reviewing all relevant plans and documents. What is the importance of the team reviewing the WBS during risk identification?
A. The WBS includes all the work to be done, so it helps the team identify potential sources of risks.
B. It is a deliverable-oriented grouping of project elements that organizes and defines the total scope of the project.
C. The WBS includes all the work to be done, and only the work to be done, so all risks are listed therein.
D. It does not assist in this effort.
Answer: A
Process - Task 3 - Manage Risks
The WBS includes all the work, and only the work required to complete the project, so it helps the team identify potential sources of risks.
Your project is part of a program to provide software to a government organization. In performing risk analysis, you and your team uncover a risk that is outside the scope of your project but that might fundamentally affect the objectives of the program. Your next move should be to do what?
A. Create a contingency plan
B. Devise a mitigation
C. Escalate to the program manager
D. Avoid the risk by protecting your project from its impact
Answer: C
Process - Task 3 - Manage Risks
Escalate is a strategy which may be used for opportunities or threats, whenever the risk is outside the scope of the project, or the proposed response exceeds project manager authority levels.
We are carrying out interviews to analyze risks quantitatively. Which of the following statements is true?
A. Subject matter experts will be interviewed, even if they are not part of the project team, and the information derived will be used in your estimated monetary value analysis.
B. The information gathered depends on the type of probability distribution used
C. Only project team members will be interviewed.
D. Quantitative risk analysis results in a high, medium or low ranking for a given risk.
Answer: A
Process - Task 3 - Manage Risks
Subject matter experts should be interviewed to derive the relevant information, and they need not be part of the project team.
You are a project manager for a major telecommunications network upgrade with a NPV of $1,000,000. You are heavily dependent on a third party vendor for your project and your contract office informs you that there is a 30% chance that the vendor will go out of business at the end of the quarter. If that occurs, your project will incur a $300,000 cost overrun due to rework. There is also a 30% chance that new legislation will pass that will decrease government oversight of your team’s work. If this legislation passes, you estimate that your project will save $160,000 in time delays. Lastly, your technical lead indicates that there is a 20% chance that a new software package will be available by month’s end that could save $180,000 in testing time. If available, the software will cost $50,000 to procure and install. What is the total expected monetary value?
A. $164,000
B. $1,000,000
C. $990,000
D. ($16,000)
Answer: D
Process - Task 3 - Manage Risks
The formula for expected monetary value (EMV) is probability times impact. You first calculate the EMV for each event, then add them up to get the project EMV. Event 1: 30% x -300,000 = -90,000; Event 2: 30% x 160,000 = 48,000; Event 3: 20% x (180,000 - 50,000) = 26,000; EMV = -90,000 + 48,000 + 26,000; EMV = -16,000. Note that for risk event 3 we summed the impact first, then multiplied by the probability.
During Planning, you and your team had identified some risks and asked the sponsor to budget a certain amount of money in case any of those risks occurred. Several of those risks did occur and you had to use some of that money in order to put your planned responses into effect. You are growing concerned that you have spent more money than expected and want to discover if the remaining amount is sufficient. What is the next thing you should do?
A. Perform a technical performance analysis
B. Perform a reserve analysis
C. Perform a variance analysis
D. Perform a risk analysis
Answer: B
Process - Task 3 - Manage Risks
Reserve analysis compares the amount of contingency reserves to the amount of risk remaining to determine if the reserve is adequate. The other analyses are real but do not speak to the question.
As a team lead for the finance team on the latest marketing project, you have a particular interest in maximizing project-specific financial opportunities and windfalls. Your project manager tells you that the Risk Register is the primary project document used to track all such relevant risks for the project. Which of the following items should be set forth in the Risk Register?
A. Qualitative Risk Analysis, Quantitative Risk Analysis, and Risk Management Plan
B. Identified risks and stakeholder risk tolerances
C. List of identified risks, potential responses, root causes, and risk owner
D. Risk Responses, Risk Categories, Risk Management Plan
Answer: C
Process - Task 3 - Manage Risks
The Risk Register is a comprehensive document that lists, among other things, the specific risks, root causes, potential responses (optional), risk owners, triggers to watch for, and a list of risk categories from the RBS. It will be created during Identify Risk and updated after each subsequent risk process. A, B and D either include the Risk Management Plan or some element of it (risk tolerance), which is incorrect because the Risk Register is a separate document and serves a different purpose than the Risk Management Plan.
A particular risk can have a high impact score, but still have an overall low risk score. How is this possible?
A. The risk scores are graded on a bell curve
B. The probability of the risk is very low
C. The impact of the risk is not accounted for until it comes to fruition
D. The risk is analyzed using Monte Carlo analysis.
Answer: B
Process - Task 3 - Manage Risks
A risk can have a high impact on the project if it occurred, but at the same time have an extremely low probability score, which could result in an overall low rating.
Which method of risk analysis provides the project manager with a risk ranking?
A. Quantitative
B. Qualitative
C. The utility function
D. SWOT analysis
Answer: B
Process - Task 3 - Manage Risks
Qualitative risk analysis is a relatively fast and easy method to rank risks. The risk ranking is often shown as high, medium or low for each identified risk. Note that the urgency of the risk is also addressed (how quickly it is approaching).
A project sponsor is risk averse and is therefore concerned about negative impacts on the project. To help with this concern, the project team identifies four project risks and then evaluates both the probability of occurrence and the impact of the risk if it occurs. The team uses a 1-5 scale, 1 being the lowest and 5 being the highest. Risk A has a probability of 3 and an impact of 5, Risk B probability of 4 and an impact of 2, Risk C probability of 3 and an impact of 3, and Risk D probability of 2 and an impact of 2. Based on these data, in what order should the project manager rank these risks for risk management purposes?
A. A, C, B, D
B. B, A, D, C
C. D, A, C, B
D. C, D, A, B
Answer: A
Process - Task 3 - Manage Risks
A) Probability * Impact provides the risk ranking from highest to lowest. A = 35 = 15. B = 42 = 8. C = 33 = 9. D = 22 = 4. Therefore the risks should be ranked in the following order: A, C, B, D, PMBOK Guide Sixth Edition (2017) PMI/PMI/11.4/428
You are a senior project manager discussing project risk with a new PM. She is having trouble differentiating what is part of the risk management plan and what is documented in the risk register. Which of the following is not a component of the risk management plan?
A. Roles and responsibilities
B. Methodologies used to handle risk
C. Risk responses
D. Risk categories
Answer: C
Process - Task 3 - Manage Risks
Answer choices A, B, and D are all valid components of the risk management plan, which defines the framework and methodology for conducting the various risk processes. Choice C is the correct answer. Risk responses are documented in the risk register.
As part of your risk analysis, you and your project team have identified and prioritized all the risks of the project. For the highest-scoring risks, you have created responses. One of your team members asks if there is no need to worry about the lowest-scoring, lower-priority risks. What would you advise?
A. They should be put on a watch list for future monitoring
B. They can be archived as interesting but inessential information
C. You need to create responses to all risks
D. They can safely be ignored
Answer: A
Process - Task 3 - Manage Risks
Low-priority and low-scoring risks go on a watch list for monitoring. Left not monitored, they can bubble up and become higher priority risks.
You have taken over a project that is behind schedule and over budget. Many of the team members are disengaged and are resentful of having to work on this project. The prior project manager has left the company and provided no turnover documentation. Your first week on the project, your primary vendor may be shutting down. This risk was identified and documented on the risk register. What is the first thing you should do?
A. Review the risk report for the risk response strategy to determine next steps
B. Review the risk management plan for the risk response strategy to determine next steps
C. Review the risk register for the risk response strategy to determine next steps
D. Bring the schedule back in line with the schedule baseline
Answer: C
Process - Task 3 - Manage Risks
Neither the risk report (Choice A) nor the risk management plan (Choice B) would contain the individual risk responses. The risk register would have this information. While the schedule and budget are not looking good, the first thing you should do is address the risk at hand.
You are the project manager for a small consulting company. You are currently assigned to manage a project for the state government. Your company was awarded this contract due to the great reputation for sound risk planning that your company has earned. The tools and techniques of the Identify Risks process include all of the following except which one?
A. Data gathering
B. Risk Register
C. Interpersonal and team skills
D. Prompt Lists
Answer: B
Process - Task 3 - Manage Risks
Expert judgment, data gathering, data analysis, interpersonal and team skills, prompt lists and meetings are the tools and techniques of the Identify Risks process. The Risk Register is an output of Identify Risks (and not a tool/technique for anything, since it is an item and not a methodology).
Monitoring risk should be a continuous effort throughout your project and should always receive close attention. Which of the following is not true about controlling risk?
A. Risk identification and monitoring are the responsibilities of the entire project team.
B. It involves ensuring sufficient contingency reserves are in place given the remaining risks.
C. Risk mitigation is a risk response planning technique associated with opportunities that seek to increase the probability of occurrence or impact of a positive risk.
D. Residual risks are risks that remain after risk responses have been implemented.
Answer: C
Process - Task 3 - Manage Risks
Risk mitigation seeks to lower the probability of a negative risk occurring and soften the impact if it does occur. It is only used for negative risks (threats).
Upon review of your project risk register, you determine that you need to assign numeric probabilities to the risks on your project. Your analysis involves interviews and conducting expected monetary value analysis through the use of a decision tree. The outcome of your analysis is a prioritized list of quantified risks. Which of the following processes did you perform?
A. Perform Qualitative Risk Analysis
B. Identify Risk
C. Perform Quantitative Risk Analysis
D. Plan Risk Response
Answer: C
Process - Task 3 - Manage Risks
Quantitative Risk Analysis analyzes the probability of risks and their consequences using numeric probability assignments.
In which process do you create the Risk Breakdown Structure?
A. Identify Risk
B. Plan Risk Response
C. Perform Qualitative Analysis
D. Plan Risk Management
Answer: D
Process - Task 3 - Manage Risks
The RBS is part of the Risk Management Plan. Its structure is very similar to a WBS. The RBS is a hierarchically-organized depiction of the identified project risks arranged by risk category and subcategory that identifies the various areas and causes of potential risks.
The project requires the development of a human resources system (HRS) to centrally manage human resources and payroll. The project manager reviews historical data on company human resources practices and considers the regulatory framework of the project. Still, there are concerns about project risks. What should the project manager do in response to these concerns?
A. Recognize high-level project risks.
B. Calculate and quantify project risks.
C. Formulate a risk mitigation plan.
D. Engage in regular risk reviews.
Answer: A
Process - Task 3 - Manage Risks
The project manager must first identify the risks before you can quantify them, develop risk mitigation plans or review them. PMBOK Guide Sixth Edition (2017), 11. Project Risk Management / 11.2 Identify Risks, pp409-411
A project manager works for a company that is preparing to develop a new product. The new product will require currently unavailable skills. To initiate this project, what should the project manager do?
A. Develop detailed project requirements
B. Focus on quality control
C. Focus on the assessment of high-level risks
D. Develop a competitor analysis
Answer: C
Process - Task 3 - Manage Risks
If you plan to deliver a product and do not possess the skills required, this is a risk. PMBOK Guide Sixth Edition (2017) PMI/PMI/11.1.1.4/p403
Which risk response is most likely to involve contingency reserves?
A. Transfer
B. Mitigate
C. Acceptance
D. Share
Answer: C
Process - Task 3 - Manage Risks
Acceptance occurs when no change is made in connection with a given risk. A contingency can be set aside to off-set the impact of the risk event.
Which of the following describes the purpose of Perform Quantitative Risk Analysis?
A. Develop a probability of project success
B. Quantify the risk exposure of a project and determine the size of reserves needed
C. Perform sensitivity analysis
D. To create a Monte Carlo analysis
Answer: B
Process - Task 3 - Manage Risks
The Perform Quantitative Risk Analysis process will help establish a numerical value of risk exposure and reserves needed for the project.
You are the project manager at a major aeronautics company. The project team has identified the anticipated risks for the project, determined probabilities and impacts, and assigned risk owners to them. As the project management plan evolves, where will this information be housed?
A. Risk management plan
B. Risk responsibility breakdown
C. Risk register
D. Risk assignment matrix
Answer: C
Process - Task 3 - Manage Risks
The risk register is where risks are tracked and it would include things like identified risks, descriptions, probabilities, impacts, assigned owners, response strategies, etc. Choice A is incorrect – the risk management plan defines the general approach, or how you will go about doing the various risk planning and monitoring & controlling activities, but does not address specific risks. Choices B and D are made up terms.
You are the project management for an IT firm contracted to install a point-of-sale system at a local bowling alley. While collecting requirements, you identify several potential issues that may cause the project to be more expensive then originally anticipated. You conduct an analysis using an Ishikawa diagram to attempt to isolate the root causes in hopes of preventing their occurrence. The outputs of which process would be updated with the information you are collecting?
A. Identify Risk
B. Perform Qualitative Analysis
C. Control Quality
D. Plan Risk Response
Answer: A
Process - Task 3 - Manage Risks
You are working on the Identify Risks process (specifically, using the Diagramming tool and technique- Ishikawa diagram). Identify Risks is the process of determining which risks might affect the project.
Who is responsible for ensuring that agreed-upon responses will be executed for risk events that occur?
A. Risk owner
B. Risk manager
C. Project Manager
D. All of the above
Answer: A
Process - Task 3 - Manage Risks
Risk owners will take responsibility for planning an appropriate risk response and ensuring that it is implemented.
You are the team facilitator for an Agile project and your team is trying to identify additional risks. A reactive method of risk identification in which the analysis is performed after an issue has occurred uses which of the following tools?
A. SWOT Analysis
B. Root Cause Analysis
C. Assumptions and Constraints Analysis
D. Brainstorming
Answer: B
Process - Task 3 - Manage Risks
Root Cause Analysis is generally performed on an issue. Since one issue can potentially cause other possible issues, then that potential issue is a risk (uncertainty). Out of the options given, only Root Cause Analysis is analyzing an issue to determine any future potential risks (which is more of a reactive approach). PMI Authorized PMP Exam Prep Student Guide/ Page 150
The key benefit of Implement Risk Responses is that it ensures that agreed-upon risk responses are executed as planned to address overall project risk exposure, minimize individual project threats and:
A. Maximize individual project opportunities
B. Focus efforts on high-priority risks
C. Provide lessons learned for future phases
D. Quantifies overall project risk exposure
Answer: A
Process - Task 3 - Manage Risks
Risks can be both positive and negative. So, when implementing risk responses, it is important to both minimize threats and maximize opportunities. Note that each process in the PMBOK has both a key benefit and purpose, it is wise to know both.
You are working on a large construction project as a project manager and have just found an opportunity to save a lot of money on your project. Which of the following is an example of exploiting the opportunity?
A. Partnering with another company to take advantage of the opportunity
B. By changing your project approach to ensure that you achieve the full benefits of the opportunity
C. Hiring workers in another country to work long hours in poor conditions for very low pay
D. By taking out an insurance policy to reduce your project costs
Answer: B
Process - Task 3 - Manage Risks
Exploiting means you actively go after the opportunity. Choice A describes sharing. Choice C uses the term exploit in its typical, day-to-day meaning, which is not generally how you should answer terminology-driven questions on the Project Management Professional (PMP) exam. Choice D describes transferring, which is a negative risk strategy and should not be used for opportunities.
You are conducting risk management activities on your project. You are starting to develop risk responses to some of the higher priority risks. You have identified the potential for hurricane damage due to the fact you are building a new facility in a known hurricane zone during hurricane season. If a hurricane should occur, the damage to the building, and subsequent repairs, will push out your project end date quite substantially. You decide to move the location of the new facility to a different area that does not experience hurricanes at all. What type of risk response is this?
A. Avoidance
B. Exploiting
C. Mitigation
D. Transfer
Answer: A
Process - Task 3 - Manage Risks
Choice A is the correct answer since you are completely avoiding the risk by moving the facility to a different location which does not experience hurricanes. Choice B is incorrect because exploiting is a response for a positive risk (opportunity) - this is a threat. Mitigation (Choice C) would decrease the probability and/or impact. Transfer (Choice D) involves a contract or an insurance policy, which is not mentioned in the question.
A project manager implemented an approved change to manage a risk. Three months after the implemented change, the project manager learns that the change did not produce the desired result, and there are adverse consequences. What can the project manager do to avoid this problem on future projects?
A. Follow up to verify that a risk response is performing as expected.
B. Revisit or change existing assumptions after reviewing the assumption log.
C. Update the lessons learned register with the risk information.
D. Update the probability and impact matrix after assessing any new risks
Answer: A
Process - Task 3 - Manage Risks
Project work should be continuously monitored for new, changing, and outdated individual project risks and for changes in the level of overall project risk by applying the Monitor Risks process. The Monitor Risks process uses performance information generated during project execution to determine if the response was effective. PMBOK Guide Sixth Edition (2017), 11. Project Risk Management / 11.7 Monitor Risks, p453-454
manager, how do you proceed?
A. Refer to the risk management plan and conduct a risk workshop
B. Quantify the risk, develop potential solutions, and manage the risk appropriately
C. Follow the process outlined in your OPAs and EEFs
D. Determine the appropriate strategy, ID solutions, and implement risk responses
Answer: B
Process - Task 3 - Manage Risks
When a new risk is identified, the PM must take a proactive stance. Once risk has been identified, the next steps are to perform qualitative risk analysis, perform quantitative risk analysis, plan risk responses, implement risk responses, and finally monitor risks.
While preparing the Risk Management Plan for your project, you find that you are still unsure how to determine if certain risk responses are a proper fit in given situations. When is it appropriate to accept a project risk?
A. When the qualitative rating is moderate or lower
B. Never – all risks must be mitigated or transferred.
C. When the project team has never completed this type of project work before
D. When the expense and hassle of responding to the potential risk event outweigh the effects it would cause if it occurred
Answer: D
Process - Task 3 - Manage Risks
Those risks which carry an impact that is lower than the impact created by responding to the risk itself should generally be accepted.
Through discussions with your peers, you come to understand there is a trend in risk management to start dealing with emergent risks. These are risks only recognized after they have occurred. Knowing this, you should make sure you do all of the following except:
A. Have an empowered project team with clear objectives and is trusted to get the job done
B. Have a contingency plan for every possible thing that might go wrong
C. Frequently review early warning signs to identify emergent risk as soon as possible
D. Have flexible project processes to cope with emergent risk while maintaining direction toward project goals
Answer: B
Process - Task 3 - Manage Risks
The best you can do is prepare yourself as much as possible for emergent risk. You cannot have a contingency against everything that could possibly happen.
Based on historical data, the amount of overtime associated with the design effort of a project is estimated at 100 hours with a 40% probability of occurrence, and there is also a 20% chance that 300 hours will be required. Each hour of overtime costs $50 to the project. What is the expected monetary value of the amount of overtime anticipated?
A. $10,000
B. $8,000
C. $5,000
D. $13,000
Answer: C
Process - Task 3 - Manage Risks
Scenario 1: 100 x 0.4 = 40 hours ; Scenario 2: 300 x 0.2 = 60 hours; Total = 100 hours at $50 per, for a total of $5,000.
You have identified earthquakes as potential risks to your project. When discussing with your project sponsor, she mentioned that at the project level, no steps can be taken to deal with such risk and suggested creating a contingency reserve (5% of the project budget) to be used in case of disaster situations. This is an example of:
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Bad policy decision
Answer: B
Process - Task 3 - Manage Risks
Acceptance is a strategy that often must be adopted because it is seldom possible to eliminate all risk from a project. This strategy indicates that the project team has decided not to change the project management plan to deal with a risk, or is unable to identify any other suitable response strategy. This commonly involves "active acceptance," which utilizes a contingency reserve, including amounts of time, money, or resources set aside to help cover a risk event’s impact.
You are the project manager for a large diesel motor company. You have been awarded a new contract for which you are the project manager. A new risk is identified on your project. Which documents need to be updated?
A. Risk register
B. Work breakdown structure (WBS)
C. Risk management plan
D. A and C
Answer: A
Process - Task 3 - Manage Risks
When a new risk is identified, the risk register must be updated. The risk management plan is the framework for performing risk processes and does not contain a list of identified risks (though it would contain known risk categories set forth in the risk breakdown structure). Risks are not documented in the risk management plan.
You have identified several risks on your project but there is one particular risk that would result in a $100,000 loss should it materialize. Management has suggested a couple of solutions for you to explore that would allow you to minimize the impact should this risk occur, however, you are adamant that an insurance policy is the best way to proceed. Which of the following is true?
A. Management is trying to mitigate the risk whereas you are trying to transfer the risk. Mitigating would be the better option since you can share the financial burden with the other partner organization.
B. Management is trying to transfer the risk whereas you are trying to mitigate the risk. Mitigating would be the better option since you can share the financial burden with the other partner organizations.
C. Management is trying to transfer the risk whereas you are trying to mitigate the risk. Transferring the risk would be the better option in this case since it involves the total financial loss should the risk materialize.
D. Management is trying to mitigate the risk whereas you are trying to transfer the risk. Transferring the risk would be the better option in this case since it shifts the entire financial loss should the risk materialize.
Answer: D
Process - Task 3 - Manage Risks
Management’s approach of minimizing the impact of the risk with another solution is Mitigation whereas your approach of taking out an insurance policy is Transfer (because the insurance company would bear the risk of the loss). Taking out an insurance policy to protect from the large financial loss would be the best approach, because the amount is so significant.
Why are risk tolerances and thresholds important to identify in the risk management plan?
A. Tolerances and thresholds, when documented, can help to define the target by which the project team can measure the effectiveness of the risk response plan execution
B. Tolerances and thresholds help to define how often the risk management process will be performed
C. Tolerances and thresholds determine what tools and data sources will be used in risk management
D. Tolerances and thresholds provide the basis for costing the risk management process as well as defining how risk activities will be recorded
Answer: A
Process - Task 3 - Manage Risks
A) Choice A is correct. Tolerances and thresholds, when documented, can help to define the target by which the project team can measure the effectiveness of the risk response plan execution. B) Choice B is incorrect because it defines the timing that should be addressed in the risk management plan. C) Choice C is incorrect because it defines the methodology that should be identified in a risk management plan. D) Choice D is incorrect because it touches on the budgeting and tracking that should be defined in the risk management plan.
Ben is a project manager for an excavation firm which does a lot of work for the federal highway system. He made some assumptions regarding weather delays in his current project and added a 30-day contingency reserve to his project schedule. Recent weather data has proven his assumptions incorrect. Of the following, which should Ben do to update the outdated assumptions about risk?
A. Update project charter
B. Update risk register
C. Update scope statement
D. Update the issue log
Answer: B
Process - Task 3 - Manage Risks
Once established, the project charter is typically not updated. The project scope statement is updated only when there are scope changes. In this scenario, since the risk register is updated during the Monitor Risks process, and since any outdated assumptions must be updated during this process, Ben needs to update the risk register. You may have chosen answer choice D, but the question is specifically asking about updating the outdated assumptions about risk.
In agile, what is the term used to describe the prioritizing of a feature based on its value compared to its risk?
A. Risk management plan
B. Risk-prioritized backlog
C. Risk assessment
D. Risk-adjusted backlog
Answer: D
Process - Task 3 - Manage Risks
Option D is correct. Risk-adjusted backlog is the term used to describe the prioritization of user stories / features based on value compared to risk. You may want to give higher priority to features with high levels of risk to ensure you have adequate resources to overcome any potential shortcomings.
