Most exam takers find the Project Risk Management questions on the PMP® certification exam demanding because they address many concepts that project managers may not have been exposed to in their work or education. However, the questions correspond closely to PMBOK® Guide material, so you should not have much difficulty if you study the concepts and terminology found there. Although the questions included do not contain mathematically complex work problems, they do require you to know certain theories, such as expected monetary value (EMV) and decision-tree analysis. Additionally, you are likely to encounter questions related to levels of risk faced by both buyer and seller based on various types of contracts.
PMI® views risk management as a six-step process including plan risk management, identify risks, perform qualitative risk analysis, perform quantitative risk analysis, plan risk response, and control risk. PMBOK® Guide Figure 11-1 provides an overview of this approach. Know this chart thoroughly.
Following is a list of the major Project Risk Management topics. Use it to help focus your study efforts on the areas most likely to appear on the exam.
Project risk management
Risk processes
Plan risk management
Identify risks
Identify risks tools and techniques
Risk register
Perform qualitative risk analysis
Perform quantitative risk analysis
Plan risk responses
Control risks
INSTRUCTIONS: Note the most suitable answer for each multiple-choice question in the appropriate space on the answer sheet.
1. |
a |
b |
c |
d |
2. |
a |
b |
c |
d |
3. |
a |
b |
c |
d |
4. |
a |
b |
c |
d |
5. |
a |
b |
c |
d |
6. |
a |
b |
c |
d |
7. |
a |
b |
c |
d |
8. |
a |
b |
c |
d |
9. |
a |
b |
c |
d |
10. |
a |
b |
c |
d |
11. |
a |
b |
c |
d |
12. |
a |
b |
c |
d |
13. |
a |
b |
c |
d |
14. |
a |
b |
c |
d |
15. |
a |
b |
c |
d |
16. |
a |
b |
c |
d |
17. |
a |
b |
c |
d |
18. |
a |
b |
c |
d |
19. |
a |
b |
c |
d |
20. |
a |
b |
c |
d |
21. |
a |
b |
c |
d |
22. |
a |
b |
c |
d |
23. |
a |
b |
c |
d |
24. |
a |
b |
c |
d |
25. |
a |
b |
c |
d |
26. |
a |
b |
c |
d |
27. |
a |
b |
c |
d |
28. |
a |
b |
c |
d |
29. |
a |
b |
c |
d |
30. |
a |
b |
c |
d |
31. |
a |
b |
c |
d |
32. |
a |
b |
c |
d |
33. |
a |
b |
c |
d |
34. |
a |
b |
c |
d |
35. |
a |
b |
c |
d |
36. |
a |
b |
c |
d |
37. |
a |
b |
c |
d |
38. |
a |
b |
c |
d |
39. |
a |
b |
c |
d |
40. |
a |
b |
c |
d |
EMVToyota=($50,000×90%)+(–$10,000×10%)=$45,000+(–$1,000)=$44,000
[Planning]
PMI®, PMBOK® Guide, 2013, 339
Risk exists on every project, and it is unrealistic to think it can be eliminated completely. There are certain risks that simply must be accepted because we cannot control whether or not they will occur (for example, an earthquake). Acceptance is a strategy for dealing with risk that can be used for both threats and opportunities. [Planning]
PMI®, PMBOK® Guide, 2013, 345–346
Risks that may happen in the near-term need urgent attention. The purpose of the risk urgency assessment is to identify those risks that have a high likelihood of happening sooner rather than later. It is combined with the risk ranking to give a final risk severity ranking [Planning]
PMI®, PMBOK® Guide, 2013, 333
Every project has uncertainty associated with it because a project by its definition is a temporary endeavor undertaken to create a unique product, service, or result. Risks may be known or unknown. [Planning]
PMI®, PMBOK® Guide, 2013, 3 and 310
The risk breakdown structure (RBS) helps to provide framework for ensuring a comprehensive process of systematically identified risks. It is a hierarchically organized depiction of the identified risks by risk categories. [Planning]
PMI®, PMBOK® Guide, 2013, 317, 332
Brainstorming is a frequently used information-gathering technique for identifying risk, because it enables the project team to develop a list of potential risks relatively quickly. Project team members, or invited experts, participate in the session. Risks are easily categorized for follow-on analysis. [Planning]
PMI®, PMBOK® Guide, 2013, 324
The Delphi technique provides a means for arriving at a consensus using a panel of experts to determine a solution to a specific problem. Project risk experts are identified but participate anonymously. Each panelist answers a questionnaire. Then the responses, along with opinions and justifications, are evaluated, and statistical feedback is given to each panel member. The process continues until group responses converge toward a solution. [Planning]
PMI®, PMBOK® Guide, 2013, 324
Wideman 1992, C-2 and C-3
Used in control risks, a workaround is a response to a threat that has occurred for which a prior response had not been planned or was not effective. [Monitoring and Controlling]
PMI®, PMBOK® Guide, 2013, 567
Simulations are typically performed using Monte Carlo in which a project model is computed many times with the input values chosen at random for each iteration from the probability distribution of these variables. Monte Carlo analysis supports various statistical distributions (normal, triangular, beta, uniform, etc.) used in estimating budgets, schedules, and resource allocations. [Planning]
Frame 2002, 89
PMI®, PMBOK® Guide, 2013, 340
Probability (starting activity 4 on day 6) = (0.5)3= 0.125 or 13% [Planning]
PMI®, PMBOK® Guide, 2013, 331
When determining the likelihood of meeting the project’s schedule end date through Monte Carlo, the schedule network diagram and duration estimate are used as inputs to the simulation program. Cost risk, on the other hand, uses cost estimates from the WBS. [Planning]
PMI®, PMBOK® Guide, 2013, 340
Interviews often are used to help quantify the probability and consequences of risks on project objectives. The type of information collected during the interview depends on the type of probability distribution that is used. A beta or triangular distribution is used widely when information is gathered on the optimistic (low), pessimistic (high), and most likely scenarios. [Planning]
PMI®, PMBOK® Guide, 2013, 336–337
Accepting the consequences of the risk event is categorized as risk acceptance. With this risk response approach, the project team takes no action to reduce the probability of the risk’s occurring. [Planning]
PMI®, PMBOK® Guide, 2013, 344–345
The likelihood is determined by multiplying the probability of event 1 by the probability of event 2. [Planning]
PMI®, PMBOK® Guide, 2013, 331–332
Wideman 1992, IV-7
Project assumptions, which should be enumerated in the project scope statement, are areas of uncertainty, and as such are potential causes of project risk. The scope statement and the WBS are part of the scope baseline, an input to identify risks. [Planning]
PMI®, PMBOK® Guide, 2013, 322
Even low-priority risks must be monitored. A watch list is used to ensure such risks are tracked for continued monitoring. [Planning]
PMI®, PMBOK® Guide, 2013, 347
There is a category of risks that is sometimes called unknown-unknowns, meaning that the risk is not knowable and, therefore, the probability of the risk is also not knowable. Your lead technical advisor becoming seriously ill, your offices being ransacked by persons engaged in industrial espionage, or one of your subcontractors winning the lottery and running off to the Cayman Islands are all examples of risks that are not known before they occur. However, such risks must be expected and a general contingency can be set aside to address the impact they leave in their wake. [Monitoring and Controlling]
PMI®, PMBOK® Guide, 2013, 310, 346, 348, and 533
Pritchard 2005, 183–188
Sensitivity analysis, as a quantitative risk analysis and modeling technique, helps to determine the risks that have the most potential impact on the project. It examines the extent to which the uncertainty of each project element affects the objective being examined when all other uncertain elements are held at their baseline values. [Planning]
PMI®, PMBOK® Guide, 2013, 338
Wideman 1992, C-1 and C-2
EMV = ($2M × 60%) + (–$1.5M × 20%) =
($1.2M) + (–$300,000) = $900,000
[Planning]
Frame 2002, 192
PMI®, PMBOK® Guide, 2013, 339
Active acceptance means not only accepting the consequences of a risk, but also establishing a plan for dealing with the risk, should it occur. Organizations typically establish a contingency plan funded by a contingency reserve (of time, money, or resources) to handle known, or even sometimes potential unknown, threats or opportunities. [Planning]
PMI®, PMBOK® Guide, 2013, 345
Earned value is used for monitoring overall project performance against a baseline plan. It is a part of variance analysis, a tool and technique in control risks. [Monitoring and Controlling]
PMI®, PMBOK® Guide, 2013, 352
You can develop relative or numeric, well-defined scales using agreed-upon definitions by the stakeholders. When using a numeric scale, each level of impact has a specific number assigned to it. [Planning]
PMI®, PMBOK® Guide, 2013, 331–332
The risk score provides a convenient way to compare risks because comparing impacts or probabilities alone is meaningless. It helps guide risk responses. [Planning]
PMI®, PMBOK® Guide, 2013, 332
Corrective action in risk management is the process of making changes to bring expected performance in line with the risk management plan. Such action consists of performing either the planned risk response, such as implementing contingency plans, or a workaround. [Monitoring and Controlling]
PMI®, PMBOK® Guide, 2013, 353
As a graphical way to bring together information, decision-tree analysis quantifies the likelihood of failure and places a value on each decision. Usually applied to cost and time considerations, this form of risk analysis may be linked to a sensitivity analysis. [Planning]
PMI®, PMBOK® Guide, 2013, 339
Wideman 1992, C-2 and C-3
The risk register is prepared first in the identify risks process. It contains a list of identified risks in as much detail as possible and a list of potential responses when they are identifiable at this time. [Planning]
PMI®, PMBOK® Guide, 2013, 327
Checklists are a tool and a technique of the identify risks process and include risks encountered on similar, previous projects identified through the lessons learned process and from other sources. The project team should review the checklist as part of the identify risks process as well as during closeout. The team should add to the list as necessary, based on its experience, to help others in the future. [Planning]
PMI®, PMBOK® Guide, 2013, 325
It is often more effective to take early action to reduce probability and/or impact of a risk occurring on a project than attempting to repair the damage after the risk has occurred. [Planning]
PMI®, PMBOK® Guide, 2013, 345
Risks are highest at the beginning of a project because the project faces an uncertain future, and impacts are lowest at this time because investments in human and material resources are minimal. [Planning]
Frame 2002, 80; PMI®, PMBOK® Guide, 2013, 40
Wideman 1992, II-1–II-5
The cost and schedule of a project are two areas significantly affected by risk occurrences. Information on these two areas, because of their quantitative nature, provides excellent input to the perform quantification risk process to help determine overall impact and to provide guidelines as managing risk reserves. [Planning]
PMI®, PMBOK® Guide, 2013, 335
Opportunity and risk generally remain high during the concept and planning phases. However, the amount at stake remains low because of the relatively low level of investment up to that point. During project implementation and closeout, however, risk falls to lower levels as remaining unknowns are translated into knowns. At the same time, the amount at stake rises steadily as the necessary resources are invested to complete the project. [Planning]
PMI®, PMBOK® Guide, 2013, 40; Wideman 1992, II-5–II-6
Much of the output from planning in other knowledge areas, such as activity cost and duration estimates, may entail risk and is reviewed during the identify risks process. This process requires an understanding of the schedule, cost, and quality management plans found in the project management plan. Estimates that are aggressive or developed with a limited amount of information are even more likely to entail risk and, therefore, must also be an input to the identify risks process. [Planning]
PMI®, PMBOK® Guide, 2013, 321–322
Risk reassessment is an ongoing activity by the project team. Risks should be discussed at every status meeting. Risk audits are performed during the project life cycle to examine and document the effectiveness of risk responses. They are conducted at appropriate frequencies as defined in the risk management plan. [Monitoring and Controlling]
PMI®, PMBOK® Guide, 2013, 351
Perform qualitative risk analysis requires accurate and unbiased data. The use of low-quality data may result in a qualitative risk analysis that is of little use to the project manager regarding understanding of the risk, data available about the risk, data quality, and data reliability and integrity. [Planning]
PMI®, PMBOK® Guide, 2013, 332
Although it might have a negative connotation, exploitation is a strategy used for risks with positive impacts where the organization wants to ensure that the opportunity is realized. [Planning]
PMI®, PMBOK® Guide, 2013, 345
It is not feasible or necessary to quantify every risk. Therefore, a risk audit should never have as an objective to ensure that each project risk has a computed expected value. [Monitoring and Controlling]
PMI®, PMBOK® Guide, 2013, 351
For some risks it is appropriate for the project team to make a response plan that will be executed only under certain predefined conditions if it is believed that there will be sufficient warning to implement the plan. [Planning]
PMI®, PMBOK® Guide, 2013, 346
Project risk has its origin in the uncertainty that is present in all projects. Organizations and stakeholders are willing to accept varying degrees of risk, and risks that are threats to the project may be accepted if the risks are within tolerances and are in balance with the rewards to be gained. This example of adopting a fast-track schedule is a risk taken to achieve the reward created by the earlier completion date. [Planning]
PMI®, PMBOK® Guide, 2013, 345
The probability and impact matrix can be used to classify risks according to their level of impact and to prioritize them for future quantitative analyses and responses based on their rating. Typically these risk rating rules are specified by the organization in advance of the project. The matrix specifies combinations of probability and impact that lead to rating the risks as low, moderate, or high priority. [Planning]
PMI®, PMBOK® Guide, 2013, 331–332
Risk avoidance involves changing the project management plan to eliminate the threat entirely. [Planning]
PMI®, PMBOK® Guide, 2013, 344