Risk Flashcards
If a project has a 60 percent chance of a $100,000 profit and a 40 percent chance of a $100,000 loss, the expected monetary value of the project is:
$20,000 profit $60,000 loss $100,000 profit $40,000 loss
$20,000 profit
EMV = probability * impact. 0.6 * $100,000 = $60,000. 0.4 * ($100,000) = ($40,000). $60,000 - $40,000 = $20,000 profit.
Which of these is an input to the Monitor Risks process?
Work performance information Change requests Work Performance Reports Risk audits
Work performance reports are inputs to the monitor risks process.
Melissa is managing a hardware deployment project and is creating a risk management plan. Which of the following would not be included in this plan?
Methodology Budgeting Roles and responsibilities Templates
Templates
Templates is not a valid response. The other choices are typical components of a risk management plan.
Which of these is not a data analysis technique used during quantitative risk analysis?
RACI chart Tornado diagram Influence diagrams Decision tree
RACI chart
RACI chart is not a data analysis technique used during quantitative risk analysis. Rest of the choices are valid techniques for data analysis.
Mary is managing an organizational transformation project. The nature of the project would require responding to high levels of change and would also require continuous stakeholder engagement. Which of the project lifecycles should be chosen for this project?
Waterfall life cycle Plan-driven life cycle Predictive life cycle Adaptive life cycle
Adaptive life cycle
Projects with adaptive life cycles are intended to respond to high levels of change and require ongoing stakeholder engagement. All other choices are predictive life cycles which are designed to be plan driven rather than being change driven.
Which of the following is true about risks?
Risks always have negative impact and not positive. Risk impact should be considered, but probability of occurrence is not important. The risk register documents all the identified risks in detail. Risk Response Plan is another name for Risk Management Plan.
The risk register documents all the identified risks in detail.
The risk register contains details of the identified risks.
A decision tree is a Perform Quantitative Risk Analysis technique. A decision tree is represented by a Decision Tree Diagram. The decision tree describes a situation under consideration, the implications of each of the available choices, and the possible scenarios. A Decision Tree Diagram shows how to make a decision among alternative capital strategies known as:
Alternative nodes Question points Decision nodes Checkpoints
Decision nodes
The decision points are known as decision nodes. The decision tree incorporates the cost of each available choice, the possibilities of each of the available choices, and possible scenarios. It shows how to make a decision among alternative capital strategies (decision nodes) when the environment is not known with certainty.
A project manager is currently in the process of prioritizing individual project risks by assessing their detectability, proximity, and impact value. The project manager would like to create a graphical representation of these three dimensions. What is the best course of action?
Develop a bubble chart Create a probability and impact matrix Prepare a requirements traceability matrix Generate a RACI chart
Perform Qualitative Risk Analysis is the process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics such as detectability, proximity, and impact value. Thus, the project manager is conducting the Perform Qualitative Risk Analysis process and needs to create a graphical representation of project risks along three dimensions. A data representation technique that may be used in support of this process includes hierarchical charts, of which bubble charts are an example. A bubble chart displays three dimensions of data, where each risk is plotted as a disk (bubble), and the three parameters are presented by the X-axis value, the Y-axis value, and the bubble size. In this scenario, the detectability and proximity can be plotted on the X and Y axes, and the impact value represented by the bubble size. The incorrect answer choices describe charts that can only display two parameters rather than three.
You are establishing the relative priorities of individual project risks that have been identified earlier in the project. Which of the following tasks are you least likely to perform?
Review the assumption log Research the stakeholder register Create the risk report Examine the risk register
Create the risk report
Perform Qualitative Risk Analysis is the process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics. Thus, the question suggests that the Perform Qualitative Risk Analysis process is being performed in this scenario. The assumption log, risk register, and stakeholder register are all project documents which may serve as inputs into the Perform Qualitative Risk Analysis process. Note, the question is asking for the ‘least’ likely activity to be performed in support of this process. The risk report is a project document that provides information on sources of overall project risk as well as the summary information on individual project risks and is created as part of the Identify Risks process, not the Perform Qualitative Risk Analysis process, making the risk report the best answer to the question asked.
A small project with a limited budget is trying to curtail costs. Which of the following processes may be eliminated in such a project?
Plan Risk Management Perform Qualitative Risk Analysis Perform Quantitative Risk Analysis Identify Risks
Perform Quantitative Risk Analysis
Availability of budget and time is a key factor that determines the need for the perform quantitative risk analysis process. A small project with a limited budget may decide to do away with this process if the project management team decides that quantitative statements about risk and impacts are not needed.
You are the project manager of a project and are about to conduct a risk identification exercise in a few days’ time. You want to remind the participants in the exercise beforehand of the various sources from which risk may arise in the project. What could you use to help you do this?
A Risk Simulation Structure (RSS) A Risk Register An Impact Matrix A Risk Breakdown Structure (RBS)
The risk breakdown structure (rbs) is a hierarchically organized depiction of identified project risks arranged by risk category and subcategory. This may be based on a previously prepared categorization framework. The rbs serves to remind participants in the risk identification exercise of the different sources from which project risk may arise.
Early in the project, you are meeting with your team and would like to address all the strengths, weaknesses, opportunities, and threats the project is facing. What tool should be used?
SWOT Analysis Interviewing Delphi Technique Brainstorming
SWOT Analysis
A swot analysis chart would be the best choice. Swot is an acronym for strengths, weakness, opportunities and threats.
Your project team has recently identified a risk in the software development project and decided not to change the project management plan to deal with the risk. The risk response strategy that your team used in this scenario is an example of:
Transfer Avoid Mitigate Acceptance
When risks cannot be handled or managed in a project, it is advisable to accept them. In this scenario, your team is unable to devise a suitable response strategy. Hence, risk acceptance is the correct strategy to employ.
During a recession, a project manager posts a positive risk that in the current economic environment, cheaper resources may become available. On the way into work, the project manager hears about a competitor going out of business and contacts the competitor to acquire some equipment, materials, and supplies at a fraction of their normal value. What is the project manager doing?
Sharing a realized positive risk Transferring an identified risk Executing a mitigation plan Reacting to a contingency plan trigger
Some risk responses are designed for use only if certain events occur. For some risks, it is appropriate for the project team to make a response plan that will only be executed under certain predefined conditions. Risk responses identified using this technique are often called contingency plans or fallback plans and include identified triggering events that set the plans in effect. The question describes a positive risk (opportunity) that was identified and captured in the risk register along with the risk trigger and responses. Part of the responsibility of the project manager and the risk owner is to understand what events may cause (or trigger) a risk to occur. In this case, the project manager heard of a competitor going out of business which triggered the action of contacting the competitor to acquire resources much cheaper than they otherwise could have been purchased. Note that the project manager also exploited an opportunity in this situation. However, exploiting the realized risk was not offered as an answer choice. Therefore, of the available options, reacting to a contingency plan trigger is the best response.
Perform Qualitative Risk Analysis is a quick way to prioritize how a project team will respond to risks. It is based on risk _________________ and _________________.
Probability, impact Probability, focus Probability, exposure Exposure, cost
Probability, impact
Perform qualitative risk analysis is usually a rapid and costeffective means of establishing priorities for the plan risk responses process.
Which of these is accurate regarding risk management?
It is a passive activity in project management. Organizations are not likely to perceive risk as a threat to project success. The attitudes of individuals and organizations must not be a factor affecting risk management. It has its origins in the uncertainty present in all projects.
Risk management does indeed have its origins in the uncertainty present in all projects.
With a parking garage construction project underway, you are currently creating the risk management plan. In support of this process, you need to determine the acceptable level of overall project risk exposure. What should you do first?
Consult the risk exposure register within the organizational process assets
Develop a set of responses to individual project risks to mitigate overall project risk
Determine the risk appetites of key project stakeholders
Facilitate a brainstorming meeting to develop a comprehensive list of project risks
The risk management plan is created as an output of the Plan Risk Management process. Stakeholder risk appetite is one of the elements which may be included in the risk management plan. The risk appetites of key stakeholders on the project are recorded in the risk management plan. In particular, stakeholder risk appetite should be expressed as measurable risk thresholds around each project objective. These thresholds will determine the acceptable level of overall project risk exposure. The incorrect answer choices represent activities which would not likely be conducted as part of the development of the risk management plan. Therefore, of the available options, determining the risk appetites of key stakeholders is the best answer to the question asked.
Negative risks can either be ______, transferred, or mitigated as a countermeasure.
ignored avoided exploited enhanced
avoided
You can avoid a risk by revising the project plan to eliminate the risk entirely.
Which of the following is NOT a valid WBS creation approach:
Parametric approach
Use of WBS templates
Top-down approach
Use of organizational guidelines
Parametric approach
A WBS structure may be created through various approaches. Some of the popular methods include the top-down approach, the use of organization-specific guidelines, and the use of wbs templates. Parametric approach is an estimation technique and not a valid wbs creation technique.
Which of the following is true about risks?
A risk usually has a single cause and, if it occurs, usually has a single effect. A risk usually has more than one cause, and if it occurs, usually has a single effect. A risk may have one or more causes, and, if it occurs, may have one or more effects. A risk usually has a single cause and, if it occurs, may have one or more effects.
A risk may have one or more causes, and, if it occurs, may have one or more effects.
A project risk is an uncertain event or condition whose occurrence may affect the objectives of the project. A risk may have one or many causes, and if it occurs, it may have one or more impacts.
Decision tree analysis is used to calculate the average outcome when the future includes scenarios that may or may not happen. What are a decision node’s inputs and outputs?
Input: Cost of each decision; Output: Probability of occurrence
Input: Scenario probability; Output: Expected Monetary Value (EMV)
Input: Cost of each decision; Output: Decision made
Input: Cost of each decision; Output: Payoff
Input: Cost of each decision; Output: Decision made
Decision tree analysis is used to calculate the average outcome when the future includes scenarios that may or may not happen. In a decision node, the input is the cost of each decision and the output is a decision made.
Joe is attempting to calculate the probable financial impact of some future uncertain scenarios. What method could he use?
Pareto analysis Variance analysis Expected monetary value analysis Earned value analysis
Expected Monetary Value (EMV) analysis is a statistical concept that calculates the average outcome when the future includes scenarios that may or may not happen. The EMV of opportunities will usually be positive values while risks will result in negative values.
You have been managing a research project to create genetically modified fruits using genetic engineering techniques. Since many legal issues are involved in this process, you created contingency allowances by using various quantitative analysis methods to account for cost uncertainty. You have just concluded a brainstorming session with your team in the execution phase to monitor risks that have developed in the project over the past few weeks and to establish new risk response plans. What should you do if you want to allocate more contingency reserves to account for new risks?
Perform the reserve analysis to compare the amount of contingency reserves remaining to the amount of risk remaining Perform Monte Carlo analysis to compare the amount of contingency reserves remaining to the amount of risk remaining Perform the quantitative risk analysis to determine the outstanding risks Perform the variance and trend analysis to compare planned results to the actual results
Perform the reserve analysis to compare the amount of contingency reserves remaining to the amount of risk remaining
Many risks may develop over the course of any project. Project managers must monitor those risks and plan risk responses. The reserve analysis is used as a tool in the monitor risks process. This technique is used to compare the amount of contingency reserves remaining to the amount of risk remaining throughout the execution of the project. Hence, you must conduct a reserve analysis first to decide on the contingency allowances.
Which of the following processes produces a Risk Register?
Perform Qualitative Risk Analysis
Identify Risks
Plan Risk Management
Perform Quantitative Risk Analysis
Identify Risks
The risk register is an output of the identify risks process.
During the Plan Risk Management process, assigning ___________ will help you and the project team identify all important risks and work more effectively during the identification process.
Blame Risk factors Risk mitigation plans Risk categories
Risk categories
Risk categories provide a structure that ensures a comprehensive process of systematically identifying risks and that contributes to the effectiveness and quality of the process.
At the beginning of the project, a project manager realized the technical expertise of the team was limited, a risk to the project. Midway through the project, the project manager decided that this was no longer a risk and considered it outdated. As part of which process would he do the risk reassessment?
Perform Qualitative Risk Analysis Perform Quantitative Risk Analysis Perform Risk Assessment Monitor Risks
Risk reassessment is performed as part of the monitor risks process. Such project risk reassessments should be regularly scheduled and may result in the closure of outdated risks.
There are a number of risks that have been identified in your project. The team has decided not to change the project plan to deal with the risks, but they have established a contingency reserve of money in the event something triggers these risks. This is an example of what type of risk mitigation technique?
Passive acceptance Avoidance Contingent Response Strategy Active acceptance
Active acceptance
Recognizing the risk and not changing the plan but making some contingencies in the event the risk is triggered is an example of active acceptance. Passive acceptance would recognize the risk but not put contingencies in place, and avoidance would be correct if the project plan were modified.
Which of the following is not a valid instance of risk transference?
Fixed Price contracts Use of a Cost Reimbursable contract Performance bonds Warranties
A cost-reimbursable contract does not transfer risk to the seller; rather, the risk is with the buyer. Risk transference involves shifting the negative impact of a risk, along with the ownership of the response, to a third party. Risk transference nearly always involves payment of a premium to the party taking on the risk. Examples include performance bonds, warranties, and fixed price contracts.
You are in the middle of a risk assessment meeting with key stakeholders, customers and project team leaders. While identifying and assessing risks, you realize that two key stakeholders are overemphasizing the impact of a risk. What is the best step to take to avoid unfairness or bias when assessing risks?
Implement assumptions analysis to explore the validity of assumptions Perform sensitivity analysis to establish which risks have the most impact on the project Develop a risk response strategy to eliminate threats Engage a neutral facilitator to support the Perform Qualitative Risk Analysis process.
Engage a neutral facilitator to support the Perform Qualitative Risk Analysis process.
Engaging a neutral facilitator to support the perform qualitative risk analysis process should help address bias.
Three strategies that typically deal with negative risks or threats are:
Transfer, Exploit, and Accept
Avoid, Transfer, and Mitigate
Avoid, Transfer, and Exploit
Enhance, Share, and Accept
Avoid, Transfer, and Mitigate
Five negative risk management strategies are: escalate, avoid, transfer, mitigate, and accept.
You are the project manager for a project and have just entered the third year of a scheduled four-year project. You need to evaluate new risks that have arisen since the project began. What agenda item do you need to add to your next team meeting?
Risk re-assessment
Process Improvement Plan
Risk audit
Variance and trend analysis
Risk re-assessment
A risk reassessment is a technique that involves reevaluating project risks and identifying new risks that arise as the project moves forward. These risks are evaluated and placed in the risk register. The pmbok recommends conducting risk reassessments during team meetings as a part of the monitor risks process.
A number of identified risks occurred early in a project. As a result, most of the project objectives ended up in jeopardy. The project manager decided to present a case to management that the project be closed down. This is an example of:
Risk Transfer Risk Avoidance Risk Acceptance Risk Mitigation
Risk avoidance involves changing the project management plan to eliminate the risk. Although an extreme situation, shutting down a project constitutes a radical but legitimate avoidance strategy.
As part of project planning, you and your project team are developing a comprehensive list of individual project risks and sources of overall project risk. You want to analyze the validity of assumptions and constraints to determine which pose a risk to the project. Which technique will be the most helpful for you?
Data analysis Perform Qualitative Risk Analysis Cost-benefit analysis Perform Quantitative Risk Analysis
The question implies that the project team is performing the Identify Risks process. Assumption and constraint analysis is one of the data analysis techniques used during the Identify Risks process. Assumption and constraint analysis explores the validity of assumptions and constraints to determine which pose a risk to the project. This is the data analysis technique being used by the project team.
An organization wishes to ensure that the opportunity arising from a risk with positive impact is realized. This organization should:
Exploit the risk Mitigate the risk Accept the risk Avoid the risk
Exploit the risk
Five strategies to deal with risks with potentially positive impacts on project objectives are to escalate, exploit, share, enhance, or accept the risk. An exploit strategy ensures that the opportunity is realized.
The X in the DfX can be:
Design assumptions Different aspects of product development Discretionary dependencies Competing project constraints
The X in the DfX can be different aspect of product development, such as reliability, deployment, assembly, manufacturing, cost, service, usability, safety, and quality.
Which term best describes the Identify Risks process?
Finite Iterative Inconsequential Redundant
Iterative
The identify risks process is an ongoing, iterative process as risks are often identified throughout the project’s life cycle.
Your risk report shows that project risk exposure overall has grown close to a negative threshold. Before the next regular meeting, you ask risk owners to present any risks and opportunities that may affect short-term activities. In the meeting, it becomes clear that risk owners from less engaged departments did not implement some of the previously approved responses. What should you do now to reduce risk exposure?
Reassign the risk ownership to team members who are in departments that are more engaged in the project
Privately confront the risk owners with the issue and collaborate to remove any impediments to the risk responses
Submit a change request to exploit an opportunity that potentially makes up for the undone risk responses
Escalate the issue by calling a meeting with the risk owners and their managers to discuss disciplinary measures
Your project charter granted you a certain level of authority as the project manager, and you are expected to exercise your influence, leadership and management skills. Interpersonal and team skills are among the tools and techniques that project managers can use as part of the Implement Risk Responses process. A private confrontation avoids embarrassing individuals unnecessarily. You can take the time to understand what is holding the risk owner from implementing the risk responses they agreed to do. Working together may lead to a more expert or timely approach to eliminate obstacles and reduce risk exposure.
A project manager notifies the project sponsor that the mitigation strategy for a major risk did not work. The sponsor states that the same risk response was implemented a few months ago on a similar project with the same result. How might this situation have been avoided?
The project manager should have researched the lessons learned register for knowledge gained throughout similar past projects
The project manager should have applied the avoidance risk response strategy because the risk had been seen before in past projects
The project manager should have researched the lessons learned repository for knowledge gained throughout similar past projects
The project manager could not have avoided this situation since it is impossible to determine in advance the effectiveness of a risk response
In this situation, a risk response was implemented and found to be ineffective for the current project. As it turns out, the same risk response was applied during a similar past project and experienced the same result. It is not enough to select a risk response strategy; the project manager also needs to validate the strategy by talking with experts, researching historical data, looking for analogous projects, reviewing lessons learned, etc. While it is not possible, with complete accuracy, to determine in advance the effectiveness of a risk response, past experience is the best guide. Failing to take into account the lessons learned from the past will likely lead to a repetition of the same mistakes. Knowledge gained from past projects should be captured in the lessons learned repository, and reviewing the information in the lessons learned repository might have prevented the same failed risk response from being selected for the current project.
Which of the following is a hierarchical representation of project risks?
Risk Mitigation Risk Breakdown Structure Risk Categories Risk Register
The risk breakdown structure (rbs) is a hierarchical presentation of the project risks sorted by risk categories.
Robert wants to assign a risk owner for every project risk for which a risk response action is planned. Where must he update this information?
Resource management plan Stakeholder register Risk register Project charter
Risk register
The assigned risk owners are documented in the risk register.
Prompt lists are usually developed based on historical information and knowledge accumulated from previous similar projects. Which of the following statements about risk prompt lists is wrong?
The prompt list can be used as a framework Prompt list is a predetermined list of risk categories Prompt lists can be used for idea generation The lowest level of the Risk Breakdown Structure (RBS) cannot be used as a risk prompt list.
The lowest level of the Risk Breakdown Structure (RBS) cannot be used as a risk prompt list.
The lowest level in the rbs can be used as a basic risk prompt list. The other statements are all true.
As a project manager, you will need the assistance of other stakeholders in order to identify the risks associated with your project. You want to determine who are the individuals that might participate in the process of identifying risks to the project, as well as those who are available to act as risk owners. Where should you look?
Risk breakdown structure (RBS) Project charter Responsibility assignment matrix (RAM) Stakeholder register
The question implies that the project team is performing the project management process of Identify Risks. One input to this process is the stakeholder register. The stakeholder register is a project document that lists project stakeholders along with their identification and assessment information, and classification. The project manager can use this information to find out which individuals or groups might participate in identifying risks to the project as well as to determine those stakeholders who are available to act as risk owners. The stakeholder register is the best place to find which stakeholders should be included in the Identify Risks process.
Risks may be identified during the entire lifecycle of a project. Identify Risks is what type of process?
Effort-driven Discrete Iterative Qualitative
Iterative
Identify risks is an iterative process, because new risks may become known as the project progresses through its lifecycle.
Which of the following is not an appropriate method for dealing with a negative risk?
Mitigate Transfer Avoid Exploit
Exploit
Exploitative strategies are selected for risks with positive impacts where the organization wishes to ensure the opportunity is realized. This strategy seeks to eliminate the uncertainty associated with a particular upside risk by making the opportunity happen.
Recently, a junior team member has challenged the project management approach since not all requirements identified during the Collect Requirements process were documented in the project scope statement. You are the project manager, what should you do first?
Analyze the objection and determine if the requirements were deliberately dropped during the Define Scope process. Remove the junior team member from the team as this is a disciplinary issue. Engage the project sponsor to resolve the issue. Accept your mistake and include the missed requirements.
All the requirements identified in collect requirements may not be included in the project as the define scope process selects the final project requirements from the requirements documentation developed during the collect requirement process. Analyzing the objection and determining if the requirements were deliberately dropped during the define scope process is the best response.
Project risks should be identified by:
All project personnel The project manager only Those invited to the risk identification process only Key project stakeholders only
All project personnel
While it is not feasible to invite everyone to the risk identification meetings, everyone should be encouraged to identify risks as they encounter them.
A project manager is using a Risk Diagramming technique that is a graphical representation of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes. This would be:
Histogram A Pareto chart An Influence Diagram A system flow chart
An Influence Diagram
A risk diagramming technique that is a graphical representation of situations showing causal influences, time-ordering of events and other relationships among variables and outcomes is known as an influence diagram. The cause-and-effect diagram also identifies the causes of risk but does not have the time-ordering of events.
A previously unknown risk surfaces on a project and creates an issue that is estimated to cost $50,000. The project manager submits a change request to adjust the schedule baseline and uses the already approved contingency reserves to address the cost. What did the project manager do wrong?
The project manager should not have included the schedule baseline in the change request. The project manager should not have submitted the change request since the risk was unknown. The project manager did not account for all possible risks during project planning. The project manager used contingency reserves instead of management reserves.
The project manager used contingency reserves instead of management reserves.
According to the scenario, the project manager is performing the Monitor Risks process. The risk in this scenario is stated to be an unknown risk, and the project manager is using contingency funds, rather than management reserves, to address the risk. Contingency reserves are included in the cost baseline to address specific identified risks. Management reserves are included in the project budget to address unknown risks. Using contingency reserves for unknown risks adversely affects the project’s cost baseline. Management reserves are not included in the cost baseline; therefore, a change request is required to transfer funds from the management reserves into the cost baseline. Therefore, of the choices provided, using contingency reserves instead of management reserves is what the project manager did wrong.
Under which of the following scenarios would you not use a decision tree?
When some future scenarios are unknown When you need to look at the implications of not choosing certain alternatives When the future scenarios are known When the outcomes of some of the actions are uncertain
You would use a decision tree when uncertainty and unknowns exist regarding future scenarios and their outcomes, not when future scenarios are known.
A project team performs monthly risk audits for a project in which a large number of identified risks have been realized. So far, the risk responses have been appropriate, and reserves are sufficient. An executive for the requesting organization chides the project manager for doing risk audits improperly, stating that like all audits, outside independent resources need to perform risk audits. How should the project manager respond?
Follow the guidance provided by the executive and hire a team of external auditors to conduct the risk audits going forward
Explain that if the current risk audits are not sufficient, then a comprehensive project audit should be carried out
Explain that risk audits can be performed either internally or externally as long as they follow the project management plan
Agree with the executive and submit a change request to update the project management plan to have the audits conducted externally
Explain that risk audits can be performed either internally or externally as long as they follow the project management plan
Risk audits are among the tools and techniques of the Monitor Risks process. Risk audits are used to consider the effectiveness of the risk management process. The project manager is responsible for ensuring that risk audits are performed at an appropriate frequency as defined in the project’s risk management plan. Risk audits are typically performed by the project team and may be included during routine project review meetings or may form part of a risk review meeting, or the team may choose to hold separate risk audit meetings. In this scenario, since conducting risk audits internally is not contrary to project management best practices, and the current risk audit process has proven to be effective, there is no reason to agree with the executive. Therefore, of the available options, the best course of action is to explain to the executive that risk audits can be performed either internally or externally as long as they follow the project management plan. Note that any stakeholder can request a change to the project. It is not clear from the question if the executive’s comment constitutes a change request. If, after explaining the rationale for continuing with the current internal risk audits, the executive still wants external auditors performing the risk audits, the project manager should follow the change control process established for the project. However, in this situation, the change request would likely be rejected since there is no reason to believe that the project would benefit from hiring external auditors to perform the risk audits.
Sensitivity analysis helps to determine which risks have the most potential impact on the project. A project manager prepared a display chart of sensitivity analysis for his project. The diagram contained a series of bars with the length of the bars corresponding to the risk impact on the project. The longer the bar, the greater was the risk presented. Such a chart is likely to be:
A triangular distribution A funnel distribution A tornado diagram An assessment diagram
A tornado diagram
The chart is likely to be a tornado diagram. Tornado diagrams are useful for comparing relative importance and impact of variables that have a high degree of uncertainty to those that are more stable. The variables are positioned vertically, and the bars extend horizontally. The longest bar is at the top of the chart, and the shortest bar is at the bottom. This resembles the shape of a tornado; hence the name.
The fundamental lesson from the Theory of Constraints by Goldratt is:
Managers who choose to lead from the front are more successful. The project’s critical path is limited by the non-critical activities. Managers who delegate more are more successful. A system's throughput is limited by at least one constraint.
A system’s throughput is limited by at least one constraint.
According to the theory of constraints, a system’s throughput is limited by at least one constraint.
You have identified a risk that will negatively affect your security project. You and your team have decided to use an older encryption technology because of the high risk associated with the new technology. What type of risk strategy are you using?
Transfer
Avoidance
Mitigation
Exploitation
In this scenario, you decided to avoid the risk by using an older technology, because the risk of using the new technology is too high.
During which stage of risk planning are risks prioritized based on their relative probability and impact?
Perform Quantitative risk analysis
Plan Risk Responses
Identify Risks
Perform Qualitative risk analysis
Perform Qualitative risk analysis
Perform qualitative risk analysis assesses the impact and likelihood of identified risks. During this process, the risks are prioritized based on their relative probability and impact.
You are managing an oil-drilling project. With oil at $143 per barrel, this could be a highly lucrative project. However, there is a chance that the price of oil will drop below $105 per barrel, which would eliminate the profit in the project. This is an example of:
Constraint Assumption Risk Requirement
Risk
The uncertainty of the oil price is a project risk, which can positively or negatively affect the project. The rest of the choices are incorrect.
You are managing a fund-raising golf tournament that has a hole-in-one contest. However, your company cannot afford to pay the $1,000,000 award if someone does get a hole in one, so it has elected to take out an insurance policy in the event someone does get lucky. This is an example of:
Transference
Mitigation
Sharing
Avoidance
Transference
The use of insurance to shift the negative impact of a risk—in this case, the payment of $1,000,000—is an example of risk transference.
A project manager is leading an infrastructure development project and is just starting the process of prioritizing individual project risks for further analysis. A stakeholder has expressed concern that the existing information about individual project risks may not be accurate and reliable. What is the best course of action?
Perform the Identify Risks process again Capture the concern in the stakeholder register Perform a risk data quality assessment Conduct a risk probability and impact assessment
The question implies that the Perform Qualitative Risk Analysis process is underway. A risk data quality assessment is an example of the data analysis technique that can be used in this process. A risk data quality assessment evaluates the degree to which the data about individual project risks is accurate and reliable as a basis for qualitative risk analysis. The use of low-quality risk data may lead to a qualitative risk analysis that is of little use to the project. If data quality is unacceptable, it may be necessary to gather better data. Risk data quality may be assessed via a questionnaire measuring the project’s stakeholder perceptions of various characteristics, which may include completeness, objectivity, relevance, and timeliness. A weighted average of selected data quality characteristics can then be generated to provide an overall quality score. Therefore, of the available choices, to address the stakeholder’s concern, performing a risk data quality assessment is the best course of action. Note, ideally, the project manager would have to meet with the stakeholder to better understand the concerns expressed by the stakeholder before spending project resources to perform the risk data quality assessment. However, this answer choice is not provided.
With high levels of uncertainty and unpredictability in a fast-paced and highly competitive global marketplace, where long-term scope is difficult to define, it is becoming even more important to have a __________ for effective adoption and tailoring of development practices to respond to the changing needs of the environment.
Blackbox approach Predefined detailed scope Rigid management approach Contextual framework
Contextual framework
With high levels of uncertainty and unpredictability in a fast-paced, highly competitive global marketplace where long term scope is difficult to define, it is becoming even more important to have a contextual framework for effective adoption and tailoring of development practices to respond to the changing needs of the environment. Traditional, predictive and rigid methods are not suitable for projects operating in an environment with a high degree of uncertainty.
Wendy is a project manager for an IT data center installation in a country that recently established independence. The country is in a strategic location for fiber optic communications, but the political climate is highly unstable. In order to keep the data center in the country but avoid unnecessary influence from the political dynamics, Wendy has negotiated with the U.S. Department of State to establish the data center in the basement of the U.S. Consulate in the capital city. This is an example of:
Risk avoidance Risk acceptance Risk mitigation Risk transfer
This is an example of risk mitigation. Risk mitigation involves taking action to reduce the probability of occurrence and/or the impact of a threat. Wendy is taking action to reduce the probability and impact of a potential threat to her project by negotiating a more secure location for her IT data center. She is not avoiding or eliminating the threat entirely, nor is she shifting ownership of the threat to a third party. Therefore, risk mitigation is the best answer choice.
The project manager in charge of a new credit card software project has asked the product manager to create a checklist to assist with identifying risks. A project manager can create a risk checklist from which of the following sources?
Project Management Information System Agreement templates Earned value measurements The lowest level of the Risk Breakdown Structure
The lowest level of the Risk Breakdown Structure
The lowest level of the rbs can be used as a risk checklist.
Velvet is working for a chemical industry, and her management proposed two different projects to manufacture benzene for commercial use. After doing financial analysis, the financial advisor provided her with the following statistics about the projects: Project 1: 60 percent probability of success with a profit of $500,000 and 20 percent probability of failure with a loss of $200,000. Project 2: 30 percent probability of success with a profit of $300,000 and 30 percent probability of failure with a loss of $400,000. Based on the information above, Velvet should choose:
Project 2 Project 1 Neither project 1 nor project 2 Either project 1 or project 2
Project 1
Profit or loss from a project = (Expected Profit * Probability of Profit) - (Expected Loss * Probability of Loss). For project 1, the profit or loss = (5000000.6 - 2000000.2) = 300000 - 40000 = $260,000 profit. For project 2, the profit or loss = (3000000.3 - 4000000.3) = 90000 120000 = ($30,000) = $30,000 loss. Hence, velvet should select project 1, which can yield a profit.
Which of these is not a data gathering technique used in the Identify Risks process?
Delta technique Brainstorming Interviewing Checklists
Delta technique
Delta technique is not a valid type of data gathering technique.
Your sponsor has committed to building a high-speed rail from one major inland city, Azules, to the coast. You have two possible routes, either Brazos or Corazon. Given each route’s costs, odds, and rewards of high demand and low demand in this decision tree, how would you quantify the expected monetary value of the route to Brazos?
1. 6 billion - 2 billion 10. 8 billion 0. 8 billion
0.8 billion
The expected monetary value is an important calculation in performing decision tree analysis as part of the Perform Quantitative Risk Analysis process. You must account for not only the cost of the decision but the probability and payoff for each path.
In a decision tree, the EMV for a decision is calculated by multiplying the value of each possible profit outcome by its probability of occurrence and adding the products together.
The value of each possible outcome is the net path value. Remember: when you net something, you should consider both positive and negative flows. The formula to compute net path value is to subtract the path reward minus the cost of its decision.
For building the route to Brazos, here are the steps to compute the expected monetary value:
EMV = 0.8(12B - 10B)] + 0.2(6B - 10B)
EMV = 0.8(2B) + 0.2(-4B)
EMV = 1.6B - 0.8B
EMV = 0.8B
Other answer choices do not properly factor the net path value (the payoff minus the cost of the decision) and sum the effects.
Below is the completed decision tree with all the net path values and the resulting expected monetary value of each choice. The EMV for the Brazos route is 0.8 billion, and the EMV for the Corazon route is -5.2 billion (note this is a negative number). Since the path with the largest expected monetary value is the Brazos route at .8 billion, that is the best choice.
A project to build a new water treatment plant is in the planning stage. The project manager is starting the project management process of Plan Risk Management. The project sponsor is risk averse, and this will affect the risk management plan. In preparing the risk management plan, the project manager is seeking a high-level understanding of the project description and boundaries, high-level requirements, and risks. Where is the best place for the project manager to find this information?
Project charter Statement of work (SOW) Risk breakdown structure (RBS) Probability and impact matrix
Project charter
The project charter is issued by the sponsor and documents the high-level project description and boundaries, high-level requirements, and risks. The project charter is an input to the Plan Risk Management process and is the best place for the project manager to gain a high-level understanding of the project.
Which of the following statements about the management of risks in a project is incorrect?
Risk report is produced during the perform quantitative risk analysis process. Positive risks are mitigated during the plan risk responses process. The effect of various risks on project scope, cost, and quality is numerically analyzed in the perform quantitative risk analysis process. Stakeholder analysis is performed during the plan risk management process.
Risk mitigation is a negative risk response strategy; it is not applicable to positive risks.
As part of a strategy to handle negative risk, a project manager decided to adopt less complex processes, conduct more tests, and choose a more stable supplier. What strategy would this be classified as?
Transference
Acceptance
Avoidance
Mitigation
Mitigation
Actions such as adopting less complex processes, more testing, or choosing a more stable supplier would be considered mitigation. These actions reduce the probability and impact of risks.
As part of the Risk Response planning for your project, you are trying to come up with a strategy to deal with negative risks or threats. In order to eliminate the impact of a particular risk, you relax the objective that is in jeopardy by extending the project schedule. This is an example of:
Mitigation Avoidance Transference Postponement
This is an example of avoidance. It involves changing the project management plan to “eliminate” the threat posed by an adverse risk, isolating the project objectives from the risk’s impacts, or relaxing the objective that is in jeopardy, such as by extending the schedule or reducing scope. Transference involves shifting the negative impact of a threat along with the ownership of the response. Mitigation implies a reduction in the probability and impact of an adverse risk. Postponement is not a valid strategy since it does not address the risk.
Tom is a project manager for a large software project. During project risk planning, Tom and his team are trying to decide whether to invest $10 million to develop new software or to instead invest $5 million to upgrade the existing software. The team is uncertain how strong demand will be for their product and, therefore, must account for this uncertainty in their analysis. What would be the best tool for the project manager to use in this case?
Monte Carlo analysis Tornado diagram Decision tree analysis Influence diagram
Decision tree analysis
The scenario implies the project manager is carrying out the Perform Quantitative Risk Analysis process. Decision tree analysis is an example of a data analysis technique that can be used as part of that process. The project manager is trying to decide between two different courses of action, which a decision tree analysis is most suited for. A decision tree can be used to quantify the different options in monetary terms and support decision-making in the face of uncertainty, which, in this case, is market demand.
A project manager has decided to use a decision tree to do a build or upgrade analysis. The build requires an investment of $200M. On the build decision branch, there is a 60 percent probability of strong demand (yielding a revenue of $400M) and a 40 percent probability of weak demand (yielding a revenue of $150M). What is the expected monetary value (EMV) of the build?
$140M $100M $200M $300M
The payoff for the strong demand scenario is $400m - $200m = $200m (since the initial investment is $200m). The payoff for the weak demand scenario is $150m - $200m = - $50m. Therefore, the emv is computed as: (0.6 * 200) + (0.4 * -50), where 0.6 represents the 60% probability of the strong demand scenario and 0.4 represents the 40% probability of the weak demand scenario. 120 - 20 = 100. Therefore, the expected monetary value is $100m.
A project manager has just learned that the customer is not showing up to requirements meetings saying they have other more important tasks. Since this behavior has already been identified as a risk earlier in the project, the project manager escalates the issue to the stakeholder who is the risk owner responsible for communicating with the customer in such situations. The stakeholder is shocked to find out she is the assigned risk owner. What most likely went wrong?
The project manager did not follow the risk management plan
The stakeholder register had the wrong risk owner
The stakeholder has not read the risk register
The project manager did not notify the stakeholder that they were the risk owner
The project manager did not notify the stakeholder that they were the risk owner
Risk owners are specified in the risk register which is updated as part of the Plan Risk Responses process. It is the project manager’s responsibility to ensure that all risk owners defined in the risk register are aware of their roles and responsibilities and are actively monitoring their assigned risks. In this scenario, it appears as though not all of the nominated risk owners, such as the stakeholder, were notified of their assigned roles. The incorrect answer choices represent causes which could not have led to the lack of awareness exhibited by the stakeholder, as only the stakeholder register identifies the nominated risk owners. Therefore, of the available choices, the project manager most likely failed to notify the stakeholder that they were the risk owner.
Which type of risk analysis ranks risks for future action or analysis by evaluating their probability of occurrence and impact?
RBS Quantitative analysis Assumptions analysis Qualitative analysis
Qualitative analysis
Qualitative analysis examines risks from the risk register and analyzes each risk’s probability of occurrence and the effect it would have on the project deliverables if it did occur. It ranks risks for future action or analysis by evaluating their probability of occurrence and impact.
John is the project manager for a large construction project. He has just completed a Monte Carlo analysis simulation when he learns from a team member that some of the cost estimates used in the simulation were incorrect. John is highly risk-averse and concerned about this issue, so he meets with his team to discuss options for how to move forward. Based on this information, which choice below best describes what the team would likely do with the results from the Monte Carlo analysis?
Reject the results and use the triangular distribution technique instead
Reject the results; the Monte Carlo results would be inaccurate and should not be used
Use the results; the simulation data can still be of value because incorrect estimates are accounted for in the algorithm
Use the results but set aside additional contingency reserves to address the project risks
Reject the results; the Monte Carlo results would be inaccurate and should not be used
Accurate cost estimates are the most important part of a Monte Carlo analysis. If the project estimates are too broad, or too narrow, the analysis may misstate the overall risk. In turn, this could create serious problems for project planning. Since inaccuracies in the cost estimates can significantly change the results, it is best for the project team to reject the Monte Carlo analysis results and re-run the simulation once they have better estimates.
While analyzing the risks in a project, a project manager updated the risk register with risk urgency assessment ratings. In which process would this be done?
Plan Risk Management Monitor Risks Perform Qualitative Risk Analysis Identify Risks
Risk urgency information is updated to the risk register during the perform qualitative risks analysis process.
Anne is the project manager of a project. She has evaluated certain responses from prospective sellers and wants to select a contract model that will transfer risk to the seller. Which of the following should she select in order to achieve this?
Fixed price contract Cost-Plus-Fixed-Fee contract Cost-Plus-Incentive-Fee contract Time and Material contract
A fixed-price contract enables the buyer to transfer risk to the seller.
A project sponsor is risk averse and is therefore concerned about negative impacts on the project. To help with this concern, the project team identifies four project risks and then evaluates both the probability of occurrence and the impact of the risk if it occurs. The team uses a 1-5 scale, 1 being the lowest and 5 being the highest.
Risk - A Probability (2) and Impact (5)
Risk - B Probability (4) and Impact (3)
Risk - C Probability (3) and Impact (2)
Risk - D Probability (2) and Impact (4)
Risk severity is the product of probability and impact; the higher the product, the higher the risk is rated.
Work Performance Information is not an output of which of the following processes?
Control Scope Validate Scope Manage Communications Monitor Risks
Work performance information is not an output of the manage communications process.
Robert is managing a road construction project. Due to unseasonal weather conditions, the team productivity might be above or below target. This is an example of:
Opportunity risk Variability risk Ambiguity risk Mitigated risk
Variability risk
Examples of variability risks include: productivity may be above or below target, the number of errors found during testing may be higher or lower than expected, or unseasonal weather conditions may occur during the construction phase.
Which of the following is not a Risk Diagramming technique?
Decision trees Influence diagrams Tornado diagram Control charts
Control charts
The business case for any project includes the analysis of the situation, recommended solution and identification of alternative solutions.
Jen works as a project manager for the National Weather Agency. She is managing a project designed to assess the effect of climate change on northern mountains. The initial study established a two months’ delay for the testing equipment to reach mountains due to road construction. However, a recent assessment has indicated a significantly shorter delay because of rapid progress in construction. To deal with the shorter delay, which of the following steps should Jen take next?
Create a new project plan
Conduct a stakeholder meeting
Update the risk register
Distribute the information
Update the risk register
The delays are considered risks to the project. In this scenario, the reassessment indicated a decline in the risk (delay time) compared to the initial risk identification. The risk reassessment is performed in the monitor risks process, and the outcome of the risk reassessment updates the risk register. Therefore, jen must take steps to update the risk register. Other steps can be taken after updating the risk register.
When are risk identification activities performed?
During the Plan Risk Management process Ongoing throughout the project During the Perform Qualitative Risk Analysis process During the Perform Quantitative Risk Analysis process
Ongoing throughout the project
Identify risks is the process of determining what risks can affect the project. Many different stakeholders usually participate in the identify risks process. The process of identify risks is iterative because unknown risks can be discovered throughout the life cycle of the project.
Which of the following items needs to be kept in mind when relying on risk identification checklists?
They are often inaccurate. They are biased. They are not exhaustive. They are easy to prepare.
They are not exhaustive.
While the risk identification checklist is a useful tool, it should be used in combination with the other tools, since it is impossible to cover all scenarios in one checklist.
You are working with your team and are looking at the cost risks in the project. You and your team are currently creating a tornado diagram for the project risks. You do this as a part of which of the following processes?
Qualitative Risk Analysis Quantitative Risk Analysis Monitor Risks Risk Response Planning
A tornado diagram is a sensitivity analysis tool. This technique is used during the perform quantitative risk analysis process.
A project manager is facilitating a first brainstorming session to identify individual risks as well as sources of overall project risk. The meeting attendees are struggling with the task, and the meeting is becoming unproductive. What action might the project manager take to get the meeting back on track?
Adjourn the meeting
Use the RBS as a prompt list
Call in the project sponsor
Consult the risk register
Use the RBS as a prompt list
The question suggests that the Identify Risks process is underway. Prompt lists represent one of the tools and techniques associated with this process. A prompt list is a predetermined list of risk categories that might give rise to individual project risks, and that could also act as sources of overall project risk. The prompt list can be used as a framework to aid the project team in idea generation when using risk identification techniques. The risk categories in the lowest level of the risk breakdown structure (RBS) can be used as a prompt list for individual project risks. Of the available options, using the RBS as a prompt list is the option that would most likely help the meeting attendees generate ideas for risk identification thus assisting the project manager in getting the meeting back on track. Note, the question indicates that the project manager and the team are involved in the ‘first’ brainstorming session to identify risks. This nuance has been added to scenario to make sure that the risk register does not yet exist. Because otherwise, one may argue that Identify Risks as a singular event at the start of the project. That is not the case. Risks are identified frequently throughout the project. As such, there is a risk register that can be and should be referenced whenever the team is performing that process unless this is the first session as described in the scenario.
Identification of new risks, reassessment of old risks, and closing of outdated risks are part of the Monitor Risks process. How often should project risk reassessment be scheduled?
Reassessment is necessary at the 25 percent, 50 percent, and 75 percent stages of project completion.
It depends on how the project progresses relative to its objectives.
Reassessment is necessary at the 20 percent, 40 percent, 60 percent and 80 percent stages of project completion.
Reassessment is necessary at the 50 percent and 75 percent stages of project completion.
It depends on how the project progresses relative to its objectives.
The monitor risks process is performed throughout the project. The number of project risk reassessments scheduled depends on the progress of the project relative to its objectives.
In general, Perform Qualitative Risk Analysis is:
focused on high-priority risks Complete and 100 percent accurate Not often completed In-depth and thorough
focused on high-priority risks
Perform qualitative risk analysis is quicker than perform quantitative risk analysis as it focuses on high-priority risks.
After brainstorming potential project risks, what is the recommended method for prioritizing these risks and their mitigation plans?
Probability and impact matrix RACI chart Fishbone diagram Control chart
Probability and impact matrix
A probability and impact matrix will help filter the high-risk items and high-impact items from the others, so that you can focus your attention on these riskier items.
Your project sponsor has asked you to present your project’s high-level risk register to him in the next project update meeting. To create your high-level risk register, which of the following processes must be performed?
Identify Risks Perform Qualitative Risk Analysis Monitor Risks Plan Risk Management
Identify Risks
A high-level risk register contains the identified risks only. The risk register is created during the identify risks process.
Acceptance is a strategy adopted because it is not possible to eliminate all risks from a project. This strategy indicates that the project management team has decided not to change the project management plan to deal with a risk. What action does passive acceptance require?
Passive acceptance requires no action except to document the strategy and come up with a risk management strategy.
Passive acceptance requires no proactive action except periodic review of the threat.
Passive acceptance is no longer adopted in projects and is a poor project management practice.
Passive acceptance requires no action.
Passive acceptance requires no proactive action except periodic review of the threat.
Acceptance is a strategy adopted because it is not possible to eliminate all risks from a project. This strategy indicates that the project management team has decided not to change the project management plan to deal with a risk. Passive acceptance requires no action except performing periodic review of the threat.
The Risk Register contains details of all identified risks and their current status. It is a document containing the results of:
Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, and Plan Risk Responses Monitor Risks Plan Risk Responses Identify Risks
Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, and Plan Risk Responses
The risk register contains the results of the perform qualitative risk analysis, perform quantitative risk analysis, and plan risk responses processes. It details all identified risks, including description, category, cause, probability of occurring, impact(s) on objectives, proposed responses, owners, and current status.
A risk with a positive outcome is an ___________.
Obsolete risk Opportunity Unlikely risk Objective risk
Opportunity
Risks can pose a threat or an opportunity to a project. Positive risks are called opportunities.
