Risk Flashcards

1
Q

What are the 9 risk parameters, besides probability and impact, that can be considered by a project team?

A

Urgency
* Definition: The time frame within which a response must be implemented for it to be effective.
* Key Point: High urgency = short time to act.
* Example: A security breach that must be handled immediately.

Proximity
* Definition: The time before the risk impacts the project.
* Key Point: High proximity = the risk will affect the project soon.
* Example: A potential delay in delivery due next week.

Dormancy
* Definition: The time that passes after a risk occurs before its impact is discovered.
* Key Point: Low dormancy = impact is discovered quickly.
* Example: A data error that is detected immediately after entering the system.

Manageability
* Definition: The ease with which the risk owner can manage the occurrence or impact of a risk. (Reactive: implement plan)
* Key Point: High manageability = easy to manage.
* Example: A well-documented process that mitigates equipment failure.

Controllability
* Definition: The ability to control the risk’s outcome or prevent the risk from occurring.
* Key Point: High controllability = the outcome can be controlled easily.
* Example: Budget cuts that can be offset by reallocating resources.

Detectability
* Definition: How easily the risk or its occurrence (about to occur) can be detected.
* Key Point: High detectability = risk is easy to spot.
* Example: A machine malfunction that triggers an alarm.

Connectivity
* Definition: The extent to which a risk is connected to other project risks.
* Key Point: High connectivity = the risk affects or is linked to many other risks.
* Example: A system outage affecting multiple departments.

Strategic Impact
* Definition: The effect the risk may have on the organization’s strategic goals.
* Key Point: High strategic impact = major effect on long-term goals.
* Example: A failed product launch that affects the company’s market position.

Propinquity
* Definition: The degree to which a risk is perceived as significant by stakeholders.
* Key Point: High propinquity = stakeholders see it as highly significant.
* Example: A risk that worries investors and could affect stock prices.

2
Q

What is the Risk parameter Urgency?

A

Urgency
* Definition: The time frame within which a response must be implemented for it to be effective.
* Key Point: High urgency = short time to act.
* Example: A security breach that must be handled immediately.

3
Q

What is the Risk parameter Proximity?

A

Proximity
* Definition: The time before the risk impacts the project.
* Key Point: High proximity = the risk will affect the project soon.
* Example: A potential delay in delivery due next week.

4
Q

What is the Risk parameter Dormancy?

A

Dormancy
* Definition: The time that passes after a risk occurs before its impact is discovered.
* Key Point: Low dormancy = impact is discovered quickly.
* Example: A data error that is detected immediately after entering the system.

5
Q

What is the Risk parameter Manageability?

A

Manageability
* Definition: How easy or difficult it is to manage the occurrence or impact of a risk once it arises.
* Key Point: Assesses the overall ability of the organization or **risk owner** to deal with the risk in terms of mitigation, response, and resolution.
* High manageability = easy to manage.
* Example 1: A well-defined procedure for handling data breaches makes the breach more manageable, as the organization knows how to respond quickly.
* Example 2: If a project team has experience dealing with vendor delays, they are likely able to manage this risk well by adjusting the project timeline or sourcing alternative suppliers.
* Example 3: A natural disaster like a flood might be manageable if the company has an effective disaster recovery plan in place to resume operations.

6
Q

What is the Risk parameter Controllability?

A

Controllability
* Definition: How much control the risk owner or organization has over the risk’s outcome or its **ability to prevent the risk from occurring in the first place.**
* Key Point: It assesses the **degree of influence** the Risk Owner has over the outcome or effects of the risk.
* Key Point: High controllability = the outcome can be controlled easily.
* Example 1: Strict budget controls give the organization high controllability over financial risks, allowing them to avoid overspending.
* Example 2: An organization has little controllability over the impact of a global economic recession, as it’s external and beyond their influence.
* Example 3: A company with a strong cybersecurity system has high controllability over the risk of a cyberattack by preventing or reducing the likelihood of breaches.

7
Q

What is the Risk parameter Connectivity?

A

Connectivity
* Definition: The extent to which a risk is connected to other project risks. Interrelationships of risks with other risks.
* Impact: Risks that can trigger other risks.
* Key Point: High connectivity = the risk affects or is linked to many other risks.
* Example: A system outage affecting multiple departments.
* Example: One risk leading to delays in other project areas.

7
Q

What is the Risk parameter Detectability?

A

Detectability
* Definition: How easily the risk or its occurrence (about to occur) can be detected.
* Key Point: High detectability = risk is easy to spot.
* Example: A machine malfunction that triggers an alarm.

8
Q

What is the Risk parameter Strategic Impact?

A

Strategic Impact
* Definition: The effect the risk may have on the organization’s strategic goals. The effect on long-term organizational goals.
* Impact: How risk affects overall business strategy.
* Key Point: High strategic impact = major effect on long-term goals.
* Example: A failed product launch that affects the company’s market position.
* Example: A risk that affects the company’s long-term competitive advantage.

9
Q

What is the Risk parameter Propinquity?

A

Propinquity
* Definition: The degree to which a risk is perceived as significant by stakeholders.
* The perception of risk importance by stakeholders.
* Focus: How much stakeholders (SHs) care about the risk.
* Key Point: High propinquity = stakeholders see it as highly significant.
* Example: A risk that worries investors and could affect stock prices.
* Example: A risk highly concerning to clients or investors.

10
Q

In a hybrid project, several impediments got highlighted recently on the information radiator. Many team members have reported challenges with integrating a new set of legislative requirements within the project. Risks could be major revisions and rework on the product features and associated impacts on cost and schedule.
Which parameter is likely to rank the highest in risk assessment?
a. Dormancy
b. Controllability
c. Detectability
d. Connectivity

A

The correct answer is Option D: Connectivity.
Let’s analyze each option and explain why they are correct or incorrect based on project management principles from the Project Management Body of Knowledge (PMBOK) and Agile Practice Guide.

D. Connectivity: Connectivity is the degree to which project elements are connected or linked.
In the context of a hybrid project facing challenges with legislative requirements and potential impacts on product features, cost, and schedule, the connectivity of these elements becomes crucial.
The integration challenges and potential risks involve the interconnectedness of legislative requirements, product features, cost, and schedule. Therefore, option D (Connectivity) is the correct answer because it directly addresses the issue at hand, emphasizing the importance of understanding and managing the connections and dependencies between different aspects of the project.

A. Dormancy: Dormancy refers to a state of inactivity or inaction. In the context of the given scenario, the challenges and risks being faced by the team are active issues that need attention. Dormancy is not relevant to the situation described, so option A is incorrect.

B. Controllability: Controllability refers to the degree to which a risk can be controlled or managed. In the context of the question, the challenges with integrating legislative requirements may or may not be directly controllable by the project team since the factor is external.
- However, the question is more focused on identifying the parameter that is likely to rank the highest in risk assessment.
- Controllability may be important, but it does not directly address the key issue of integrating legislative requirements and the associated risks. Therefore, option B is not the most appropriate parameter for risk assessment in this scenario.

C. Detectability: Detectability relates to the ease of identifying or detecting a risk.
While it is important to detect risks early, the question is asking about the parameter likely to rank the highest in risk assessment.
The challenges with integrating legislative requirements are already highlighted, so detectability may not be the most critical parameter at this stage. Option C is less relevant in the given context.

In conclusion, the correct answer is D (Connectivity) because it aligns with the project management principles of addressing interconnectedness and dependencies, which are crucial in a hybrid project facing challenges with legislative requirements.

Link to PMP Exam ECO: Domain 2, Task 3: Assess and manage risks
Link to Process Group Practice Guide: Assessment of risk parameters - Pg. 247

11
Q

What’s the difference between Manageability vs Controllability Risk Parameters?

A

Manageability:
* Focus: How well the risk can be handled after it occurs.
* Timing: Primarily reactive: dealing with the risk once it has occurred.
* Example: Having backup resources or contingency plans to mitigate the impact of a delayed task.

Controllability:
* Focus: How much influence or control there is to prevent or mitigate the risk.
* Timing: Primarily proactive: preventing or controlling the risk before it happens.
* Ex: Adjusting the schedule or resources in advance to avoid the task being delayed.

12
Q

What’s the difference between Detectability vs Dormancy?

A

Detectability
* Focus: How easily and quickly the risk can be detected.
* Timing: Primarily concerned with the ability to identify a risk as it occurs or before.
* Example: A bug in software that is detected immediately through automated testing (high detectability).

Dormancy:
* Focus: The time delay between when the risk occurs and when its impact is noticed.
* Timing: Primarily concerned with the period after a risk has occurred but before its effects are felt.
* Example: A financial miscalculation that isn’t noticed until the end of the quarter (high dormancy).

13
Q

Decision Tree Analysis is used for what part of risk management, and what do we do with the results of this planning?

A

Used during risk planning; the results of the analysis are added to the risk register to make an informed decision on a risk response.

14
Q

When should the Risk Management Plan be updated?

A
  • During Risk Planning: When you initially create or refine the plan based on identified risks.
  • After New Risks are Identified: If new risks are found that require changes to how you manage risks (new strategies, updated thresholds for risks, or new tools to handle risks).
  • During Monitoring and Controlling: If, during risk monitoring, you discover that the **initial responses** or approaches are insufficient or need adjustment.
  • For example:
    • If new risks emerge that require new strategies.
    • If the implemented responses to existing risks are ineffective and you need a new approach.
  • After a Major Change: If something significant changes in the project, such as a shift in project scope, a new critical risk emerges, or major issues require the risk management approach to be reconsidered.
15
Q

What’s the difference between Residual Risk and Secondary Risk?

A

Secondary Risk:
* Definition: A secondary risk is a new risk that emerges directly as a result of implementing a risk response.
* Cause: It occurs because of the action taken to manage an initial risk.
* Example: If a project manager decides to switch to a new supplier to avoid delays from the original supplier, the risk of the new supplier not meeting quality standards could be a secondary risk. This new risk comes as a direct consequence of the decision to switch suppliers.

Residual Risk:
* Definition: A residual risk is the remaining risk that persists even after the planned risk response has been implemented.
* Cause: It is a portion of the original risk that remains after the response strategy is applied, and it may or may not be fully controllable.
* Example: In the case where a project team has implemented a plan to use paper forms as a backup to avoid delays, but there is still a possibility that the paper forms may not be ready in time, this remaining possibility is a residual risk.
16
Q

How are the Risk Management steps iterative in a predictive project?

A

Risk Management is always an iterative process.
* Even with traditional predictive projects, the final Monitor Risks step includes the **ongoing assessment and processing of risks.**
* So, rather than viewing the risk management process as a linear, single-pass procedure, it can be more helpful to view it as iterative.
* Now we see the Monitor Risks step links back into the ongoing process of Identify Risks that looks for new or escalating risks and runs them through the risk management process.
* The process is cyclical and iterative until the project completes. Then it can be handed to operations or program management to assist with long-term benefits management.
* When the project is running and we’re in the M&C (Monitoring Risks) phase, we iteratively go through all Risk Management steps.
* Steps in M&C:
1. Identify Risks: identify new risks or residual risks that may come up during the project.
2. Perform Qualitative Risk Analysis: analyze these risks and update the register.
3. Perform Quantitative Risk Analysis.
4. Plan Risk Responses: for new or residual risks.
5. Implement the responses if the risks come to fruition.
6. Back to monitoring risks.

17
Q

What areas of project are impacted when you have no historical data available for project?

A
  • Risk Identification & Analysis: Increased uncertainty in identifying risks and assessing their impact. Without history, it becomes difficult to anticipate risks that may have occurred in past projects.
    • Risk analysis will have to rely on expert judgement and brainstorming, which can lead to subjective or inaccurate assessment.
  • Cost & Schedule Estimation: Difficulty in predicting costs and timelines; higher chance of overruns.
    • Instead of historical benchmarks, may have to rely just on vendor quotes and expert estimates.
  • Resource Planning: Challenges in allocating resources effectively; no benchmarks for productivity.
  • Quality Management: Unclear quality standards (metrics to set baselines for good quality); risk of rework.
    • Historical data is often used to set realistic quality benchmarks or identify common defects or failures. Without this data, the project might struggle to define what “acceptable quality” looks like, or it might fail to anticipate common quality challenges.
  • Stakeholder Expectations: Misaligned expectations without data to set realistic outcomes.
  • Procurement: Uncertainty in supplier reliability and contract terms.
  • Team Learning Curve: Steeper learning curve with new tools/methods.
  • Project Controls: Difficulty in setting baselines and monitoring progress.

In summary, without historical data, a project manager faces greater uncertainty across many aspects of the project. To mitigate these impacts, they should emphasize robust risk management, leverage expert judgment, and maintain active and transparent communication with stakeholders to adjust expectations and adapt as the project progresses.

18
Q

How are the Delphi technique and affinity diagrams used in risk management, and how do they lead to risk analysis?

A

Identify Risks process:
* Collect data: Delphi is used to gather insights and ideas from experts anonymously, iteratively creating a refined risk list.
* Brainstorming works too.
* Visualize data: **Affinity Diagram** used to categorize and organize the risks once collected. Easier to manage.
* The risk list is now organized into categories, primed for analysis in the next step.

Qualitative Risk Analysis: Goal is to **prioritize risks** based on probability and impact.

Quantitative Risk Analysis: Monte Carlo or Decision Tree. Used to evaluate the numerical probability and impact of risks.
* Helps to find out highest priority risks

19
Q

What Risk Identification techniques are used, and what are their steps?

A

Data Gathering:
* Expert Judgement: To help ID risks with input from experts or people who worked on similar projects.
* Brainstorming: Fast idea generation. Use category prompts (VUCA).
* Delphi Technique: Gather a group of experts to submit their ideas anonymously; ideas are presented and revoted on iteratively until consensus is reached, to make a refined list of ideas.
* Checklists: The org may have checklists of risk categories to look into. The team can go over them to help ID risks.
* Interviews: More in-depth info from SHs or SMEs.

Data Analysis: Need to analyze collected data to ensure it makes sense for the project.
* RCA: Aim to find the underlying cause of a problem (or risk).
  * Can start w/ a problem statement and brainstorm ideas
  * Fishbone
  * 5 whys
* SWOT Analysis: Helps ID project risks from the POV of Strengths, Weaknesses, Opportunities, and Threats.
  * Start w/ ID of strengths/weaknesses of the org, product, or project.
  * Then ID opportunities that arise from strengths, and threats that arise from weaknesses.

Assumption & Constraint Analysis: We can analyze any assumptions/constraints in the project for risks, visible in the schedule, budget and resource plan. Can give ideas for risks.

Document Analysis: Usually visible in plans, contracts, agreements for any inconsistencies that may lead to risks.

20
Q

Which process in risk management uses SWOT Analysis?

A

Risk Identification: Data Analysis
* SWOT Analysis: Helps ID risks to the project from the perspective of Strengths, Weaknesses, Opportunities, and Threats.
* Start w/ the ID of Strengths and Weaknesses of the org, product, or project.
* Then ID any Opportunities that may arise from the strengths, and any Threats that may arise from the weaknesses
* 1st: Strengths & Weaknesses
* 2nd: Strengths->Opportunities & Weaknesses-> Threats

21
Q

You get a non-conformity from an external audit team for using an outdated version of the risk register template. How can you avoid this in the future?
a. Conduct one round of internal audit before allowing an external audit, to avoid gaps.
b. Conduct a risk management plan before preparing risk register
d. Update risk register w/ new template and close non conformance(NC)

A

B. Conduct Risk Management plan before preparing risk register.
* This includes setting guidelines on how the risk register and other tools will be managed, updated, and monitored.
* By having a well-defined risk management plan, the project manager would ensure that the most up-to-date templates are used, reducing the likelihood of non-conformities during audits.

22
Q

What is the preferred strategy for an average risk threshold group, if they want to bid on a high risk project with lots of penalties?

A

Transfer Risk is the preferred strategy for a medium risk threshold group.
Ex: Insurance, performance bonds, warranties, guarantees, etc.

23
Q

What is a Pre-Mortem?

A

Pre-Mortem: Risk management technique used to anticipate potential project failures before they occur.
- Done during the planning stage, before the execution phase. Part of the Risk Planning process.
- Proactively identifies and mitigates risks at the planning stage.
- Unlike a post-mortem, which analyzes what went wrong after the project.

Pre-Mortem Steps
- Brainstorm ideas of failure: have the team imagine that the project has failed.
  - Objective is to brainstorm reasons for that failure.
- List and prioritize risks.
- Develop risk mitigation strategies: for high-priority risks, brainstorm ways to prevent or mitigate them.
- Assign responsibilities.
- Document plan: update the risk register with identified risks, impact, mitigation strategies, and assigned responsibilities.

24
Q

What are the 10 Risk Responses, 5 positive, 5 negative?

A

Negative: Threat
1. Escalate
2. Mitigate
3. Avoid
4. Transfer
5. Accept: use contingency reserve to handle risk.

Positive: Opportunity
1. Escalate
2. Share
3. Accept
4. Enhance: It is used to increase the probability and/or the positive impacts of an opportunity.
* Identifying & maximizing key drivers of these positive-impact risks **may increase the probability of their occurrence.**
* Ex: adding more resources to an activity to finish early.

5. Exploit: It is used when the organization **wants to ensure** an opportunity is realized.
* Ex: Assigning an organization’s most talented resources to the project to reduce the time to completion or using new technology to reduce cost and duration required to realize project objectives.

25
Q

What’s the difference between Exploit and Enhance Risk Responses?

A

Enhance: Increase probability of opportunity happening.
* Ex: Adding more resources to an activity to finish early.

Exploit: When you want to make sure 100% that an opportunity is realized.
* Ex: Assigning an organization’s most talented resources to the project to reduce the time to completion or using new technology to reduce cost and duration required to realize project objectives.

26
Q

What’s a Risk Audit?

A

A type of audit that considers the effectiveness of the risk management process.
* The PM is responsible for ensuring risk audits are performed at an appropriate frequency, as defined in the Risk Management Plan.

27
Q

Watch List?

A

Low-priority risks are identified and put on the watch list (WL) for periodic monitoring.

28
Q

What is post mortem?

A

A retrospective lessons learned (LL) review done after a project or phase is done. What went well, what went wrong, what can improve.
* Analyze successes and failures.
* Objective is to ID lessons learned.