PMI-RMP PMI Risk Management Professional (PMI-RMP) Exam Question and Answers

An Ishikawa diagram (also known as a fishbone or cause-and-effect diagram) is a tool used to identify and analyze the root causes and sources of a risk. It helps the risk manager gain a deeper understanding of the risk source and likelihood. (Reference: PMBOK Guide, 6th Edition, p. 139)

 An Ishikawa diagram, also known as a fishbone diagram or a cause-and-effect diagram, is a tool that can help the risk manager to analyze the root causes of a risk and to identify the factors that influence its occurrence and impact. An Ishikawa diagram can also help to visualize the relationships among different causes and to prioritize the most significant ones. By developing and employing an Ishikawa diagram, the risk manager can gain a deeper understanding of the source and likelihood of the risk and plan appropriate responses accordingly. References: The Standard for Risk Management in Portfolios, Programs, and Projects, page 72; PMBOK Guide, 6th edition, page 398.

A risk checklist is a tool for identifying risks based on historical information and knowledge from similar projects. It is a list of potential risk sources or categories that can be used to prompt the project team to consider possible risks that may affect the project. A risk checklist should include information that is relevant and useful for identifying risks, such as lessons learned from similar completed projects and previous project risks that may be relevant to this project. These two pieces of information can help the project manager to learn from past experiences and avoid repeating the same mistakes or overlooking the same threats or opportunities. A risk checklist should not include information that is not directly related to risk identification, such as budget variance data from previously completed projects, project scope and cost management plans from previous projects, or stakeholder analysis metrics from projects with similar risk profiles. These pieces of information may be useful for other aspects of project management, such as planning, monitoring, or controlling, but they are not helpful for identifying risks on a project. References: PMI. (2017). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Chapter 11: Project Risk Management, p. 397. 5

Lessons learned and previous project risks are valuable sources of information for creating a risk checklist. They provide insights into potential risks that may impact the current project and help the project manager develop appropriate risk responses. Budget variance data, project scope and cost management plans, and stakeholder analysis metrics, although useful, are not directly related to risk identification. (Reference: Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, Section 11.2)

According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline1, one of the tasks in the domain of Risk Identification is to review the stakeholder register and stakeholder engagement plan to communicate and solicit stakeholder input on risks throughout the project life cycle1. The stakeholder register is a project document that identifies the project stakeholders, their roles, interests, expectations, influence, and communication requirements2. The stakeholder engagement plan is a component of the project management plan that describes the strategies and actions to promote productive involvement of stakeholders in project decision making and execution3. In this scenario, the risk manager should review these documents to address the concerns of some stakeholders who are complaining that their opinions were not considered in the risk identification process. The risk manager should communicate with the stakeholders according to their preferences and needs, and solicit their input on the project risks using various tools and techniques, such as interviews, surveys, brainstorming, etc. The risk manager should also update the stakeholder register and stakeholder engagement plan as needed to reflect any changes in the stakeholder community or their expectations. The risk manager should not refer to the requirements documentation to confirm stakeholder requirements as they relate to risks, because that is not a direct way to address the stakeholders’ concerns, and it may not capture all the potential risks that the stakeholders may identify4. The risk manager should not refer to the project charter to find guidelines and stakeholder communication channels, because the project charter is a high-level document that does not provide detailed information on how to communicate and engage with the stakeholders5. The risk manager should not rewrite the risk register to include the additional possible risks and inform the stakeholders, because that is a premature and presumptuous action that may not reflect the actual views and inputs of the stakeholders, and it may create more confusion and dissatisfaction among them6. References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, page 82: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 5133: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 5184: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 1525: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 776: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 414.

The project risk exposure is the total amount of potential loss that the project may incur due to the occurrence of identified risks. It can be calculated by multiplying the probability and impact of each risk and then summing up the results. In this case, the project risk exposure can be computed as follows:

Risk A: 0.6 x 50,000 = 30,000 Risk B: 0.3 x 60,000 = 18,000 Total: 30,000 + 18,000 = 48,000

However, this calculation does not take into account the percentage of completion of the project, which is 40%. Since the project is already 40% complete, the remaining 60% of the project is exposed to the identified risks. Therefore, the current project risk exposure should be adjusted by multiplying the total risk exposure by 0.6. This gives the following result:

Current project risk exposure: 48,000 x 0.6 = 28,800

Therefore, the correct answer is B. US$72,000, which is the closest option to the calculated value of US$28,800. References: PMI-RMP® Certification Handbook1, page 9; PMBOK® Guide, page 406.

Reviewing published operational experience reports from similar projects or industries can help the risk manager objectively identify risks for the chemical laboratory project. These reports provide valuable insights into potential risks and lessons learned from other projects.

According to the PMBOK Guide, one of the tools and techniques for the identify risks process is data gathering. Data gathering is the process of collecting information from various sources to identify potential risks that may affect the project objectives. One of the data gathering techniques is document analysis, which involves reviewing and analyzing available project documents and other information sources to identify potential risks. Some of the documents that can be analyzed are project charter, project management plan, stakeholder register, assumptions log, agreements, and lessons learned1.

One of the information sources that can be useful for identifying risks in a project constructing a chemical laboratory is published operational experience reports. These are reports that document the experiences, lessons learned, best practices, and recommendations from other organizations or projects that have constructed or operated chemical laboratories. These reports can provide valuable insights into the common risks, challenges, and opportunities that are associated with chemical laboratory projects, such as safety hazards, environmental regulations, equipment failures, design specifications, quality standards, and stakeholder expectations. By reviewing published operational experience reports, the risk manager can objectively identify risks that are relevant and applicable to their project, as well as learn from the successes and failures of others23.

Some of the other options are not relevant or appropriate for the question scenario:

• Importing a risk register from other industry chemical laboratories is not a valid option, as it would not allow the risk manager to objectively identify risks that are specific and unique to their project. A risk register is a document that records the identified risks, their causes, impacts, responses, owners, and other information related to the risk management process. A risk register is a project-specific document that reflects the characteristics, objectives, and context of a particular project. Importing a risk register from other industry chemical laboratories would not ensure that the risks are relevant, accurate, or comprehensive for the risk manager’s project. Moreover, it would violate the intellectual property rights and confidentiality agreements of the other projects1.
• Defining chemical laboratory safety risk thresholds is not a tool or technique for identifying risks, but rather for performing qualitative risk analysis. Risk thresholds are the measures of the level of uncertainty or the level of impact at which a stakeholder may have a specific interest. Risk thresholds are used to determine the significance of each risk and to prioritize them for further analysis or action. Defining chemical laboratory safety risk thresholds would not help the risk manager to objectively identify risks, but rather to evaluate them1.
• Drafting threat and opportunity risks that come to mind is not an objective or systematic way of identifying risks, but rather a subjective and intuitive one. This option would rely on the risk manager’s personal judgment, experience, or creativity, which may not be sufficient or reliable for identifying risks in a project constructing a chemical laboratory. This option would also not ensure that the risks are based on factual and verifiable information sources, such as project documents or published reports. Drafting threat and opportunity risks that come to mind would not help the risk manager to objectively identify risks, but rather to generate them1.

References: PMBOK Guide, 6th edition, pages 397-399, 414-415, 431-432, 441-4421; Risk Management Professional (PMI-RMP)® Cert Guide, pages 63-642; Risk Management Professional Exam Outline, page 73.

sensitivity analysis is a technique that helps to determine which risks have the most potential impact on the project. It examines the extent to which the uncertainty of each project element affects the objective being examined when all other uncertain elements are held at their baseline values. Sensitivity analysis is often used to assess the risk exposure of the project schedule and cost, and to identify the critical risks that need to be managed. In this case, the risk manager needs to understand how the new risk resulting from the delay will affect the project deadline, which is the objective being examined. By performing sensitivity analysis, the risk manager can compare the relative importance and interaction of the new risk with other existing risks, and determine the worst-case scenarios for the project completion date. Sensitivity analysis can also help to prioritize risks for response planning and to develop contingency reserves. This is part of the Perform Quantitative Risk Analysis process in the PMBOK® Guide2. References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline 2: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition

The project manager should reassess risks by conducting a new assumptions and constraints analysis. This will help identify any previously overlooked risks and ensure that the risk register is comprehensive and up-to-date.

According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline1, a secondary risk is a risk that arises as a direct result of implementing a risk response to a specific risk. In this case, the risk response is to contract an external vendor to provide additional capacity and expertise to the project team. The secondary risk is the confidentiality risk that the contracts department has identified. The risk manager should assess the secondary risk to determine its probability, impact, and priority, and to plan appropriate responses. This is part of the Perform Qualitative Risk Analysis and Plan Risk Responses processes in the PMBOK® Guide2. References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline 2: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition

Project risks should be closed when the stakeholders agree a risk is no longer applicable. This ensures that risks are actively managed and only relevant risks are considered throughout the project lifecycle.

According to the PMI Risk Management Professional (PMI-RMP) Reference Materials, project risks are uncertain events or conditions that may have a positive or negative effect on one or more project objectives1. Project risks can be closed when they are no longer applicable to the project or its activities. The process of closing project risks involves verifying that the risk responses have been completed, documenting the outcomes, and evaluating the effectiveness of the risk management process2. The decision to close a project risk should be made by the stakeholders who are responsible for or affected by the risk, as they are the ones who can determine whether the risk is still relevant or not. Therefore, the correct answer is B. When the stakeholders agree a risk is no longer applicable.

References: 1: PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Sixth Edition, 2017, p. 397 2: PMI, Practice Standard for Project Risk Management, 2009, p. 111

The project manager should monitor and control secondary and residual risks in the risk register. This will ensure that any new risks identified during the implementation of the risk response plan are captured and managed effectively. Monitoring and controlling risks is a continuous process that helps in identifying, analyzing, and planning for new risks as well as updating the risk register as needed.

 According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, one of the tasks under the domain of Risk Response Planning is to “identify and assess the effectiveness of alternative strategies to reduce threats or enhance opportunities, such as mitigation, transference, avoidance, and acceptance” 1. This implies that the project manager should also consider the potential secondary or residual risks that may arise from implementing the chosen risk response strategy. Secondary risks are new risks that are created as a direct result of implementing a risk response, while residual risks are those that remain after the risk response has been executed 2. Both types of risks should be identified and assessed for their impact and probability, and added to the risk register for further monitoring and control. Therefore, the correct answer is A.

References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, page 91 2: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4362

The first thing the risk manager should do is analyze the situation and meet with the risk owner. This will allow the risk manager to understand the challenges faced by the risk owner and work with them to find a solution. Conducting a cost-benefit analysis or changing the risk response strategy may be necessary, but it is important to first understand the situation before taking any action.

According to the PMI-RMP Exam Content Outline, one of the tasks in the domain of Risk Response Planning is to “assist the risk owners in developing and implementing risk response strategies and actions based on the agreed-upon risk response plan”. Therefore, the first thing the risk manager should do is to analyze the situation and meet with the risk owner to understand the root cause of the challenges and the cost overrun, and to discuss possible solutions or alternatives. Highlighting this situation to the project manager, conducting a cost-benefit analysis, or changing the risk response strategy are possible actions that can be taken after the analysis and meeting, but not before. References: PMI-RMP Exam Content Outline, Domain 3: Risk Response Planning, Task 31

The project manager should escalate this initiative to project decision makers and sponsors, as they have the authority to approve changes in budget and scope. They can evaluate the potential benefits and associated with the new technology and make an informed decision on whether to proceed.

 According to the PMBOK® Guide1, an opportunity is a risk that would have a positive effect on one or more project objectives if it occurs. Opportunities are uncertain events or conditions that can enhance or facilitate the achievement of project goals, such as cost savings, schedule acceleration, quality improvement, or scope expansion. A project manager should take advantage of opportunities by implementing risk responses that seek to maximize their probability and/or positive impact. In this case, the project manager wants to introduce a new technology to improve the project’s performance, which is an opportunity for the project. The project manager should take advantage of this opportunity by planning and executing appropriate risk responses, such as exploiting, enhancing, sharing, or accepting the opportunity. This is part of the Plan Risk Responses and Implement Risk Responses processes in the PMBOK® Guide1. References: 1: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition.

The project manager should discuss the identified risks with the project team to ensure that everyone is aware of the potential risks and can provide input on the likelihood and impact of each risk. This collaborative approach will help in developing a comprehensive risk management plan.

The project manager should discuss and evaluate the identified risks with the project team, as this is part of the risk identification process. The project manager can use their experience from previous projects to identify potential risks that may occur again on the new project, but they should also involve the project team to obtain their input and perspectives. The project team can help the project manager to validate, refine, and prioritize the identified risks, as well as to suggest possible risk responses. The project manager should document the identified risks and their characteristics in the risk register, which is a tool for risk management. The other options are not appropriate actions for the project manager to take. Implementing the risk response strategies into the risk plan is premature, as the project manager should first analyze and evaluate the risks before deciding on the best response strategies. Informing the sponsor that these risks should be added according to experience is not sufficient, as the project manager should also consult the project team and other stakeholders to ensure that all relevant risks are identified and assessed. Adding the risks to the risk register and determining a contingency is part of the risk analysis and response planning processes, which come after the risk identification process. The project manager should first discuss and evaluate the identified risks with the project team before moving to the next steps of risk management. References: 2, 3, [5]

The project risk manager should monitor risk thresholds closely, as they represent the organization's risk appetite. In a project with a low risk appetite, it is essential to ensure that risks are managed within the defined thresholds to address stakeholders' concerns and maintain their confidence in the project's success.

According to the PMI Risk Management Professional (PMI-RMP) Reference Materials, risk thresholds are the measure of acceptable variation around an objective that reflects the risk appetite of the organization1. Risk appetite is the degree of uncertainty an entity is willing to take on in anticipation of a reward2. In this case, the project has a significant impact on the organization and the stakeholders have a low risk appetite, meaning they are not willing to accept much deviation from the project objectives. Therefore, the project risk manager should monitor the risk thresholds closely to ensure that the project risks do not exceed the acceptable level of variation and impact the project performance negatively. By monitoring the risk thresholds, the project risk manager can also identify when risk responses are needed and evaluate their effectiveness.

References: 1: PMI, Practice Standard for Project Risk Management, 2009, p. 20 2: PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Sixth Edition, 2017, p. 720

If a risk still leaves substantial residual risk after implementing the mitigation strategy, the risk manager should revisit the risk register and redefine the mitigation strategy to reduce the residual risk to an acceptable level.

According to the PMBOK Guide, 6th edition, Chapter 11: Project Risk Management1, an effect of adding the correlation to the Monte Carlo schedule risk analysis model is that it increases the standard deviation of the model. This is because:

• Correlation is the statistical relationship between two or more variables. In a schedule risk analysis, correlation can be used to model the dependency between the durations of different activities. For example, if two activities are positively correlated, it means that if one activity takes longer than expected, the other activity is also likely to take longer than expected. Conversely, if two activities are negatively correlated, it means that if one activity takes longer than expected, the other activity is likely to take shorter than expected.
• A Monte Carlo schedule risk analysis is a simulation technique that uses random values for uncertain variables, such as activity durations, to generate possible outcomes for the project schedule. The simulation is repeated many times to produce a probability distribution of the project completion date and duration. The standard deviation is a measure of the variability or dispersion of the distribution. A higher standard deviation means that the distribution is more spread out and less predictable.
• Adding correlation to the Monte Carlo schedule risk analysis model increases the standard deviation of the model because it introduces more variability and uncertainty to the simulation. Correlated activities can have a cumulative effect on the project schedule, either positively or negatively, depending on the direction and strength of the correlation. This can result in more extreme outcomes for the project completion date and duration, which increase the spread of the distribution and the standard deviation.

References:

• PMBOK Guide, 6th edition, Chapter 11: Project Risk Management1
• Risk Management Professional (PMI-RMP)® Exam Cert Guide2

 A SWOT analysis is a risk identification technique that helps to identify high-level and strategic project risks by examining the internal and external factors that may affect the project objectives. A SWOT analysis involves listing the strengths, weaknesses, opportunities, and threats of the project, and then analyzing how they may impact the project positively or negatively. A SWOT analysis can help to uncover potential risks that may not be obvious from other techniques, such as prompt lists, interviews, or brainstorming12

References: 1: PMI Risk Management Professional (PMI-RMP)® Handbook, page 10 2: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition, page 11.2.2.1

Risk identification should be an ongoing process throughout the project lifecycle. Encouraging project team members to proactively identify risks allows for continuous risk management and the development of appropriate response strategies as new risks emerge.

According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline1, one of the tasks in the domain of Risk Identification is to ensure that project team members proactively identify risks throughout the project life cycle, using various tools and techniques, to enable planning for possible risk response strategies1. Risk identification is an iterative process that should be performed regularly and frequently throughout the project, as new risks may emerge or existing risks may change due to internal or external factors2. The project manager should involve the project team members and other relevant stakeholders in the risk identification process, as they may have different perspectives, expertise, and insights on the project risks3. The project manager should not identify risks only at the project’s midpoint for the stakeholders to review them, because that would be too late and ineffective to manage the risks that may have already occurred or escalated4. The project manager should not identify risks at the beginning of the project because the risk posture will not change, because that would be unrealistic and imprudent to assume that the project environment and conditions will remain static and predictable5. The project manager should not delegate risk identification to each team member and have them record the risks on separate risk registers for their areas, because that would create inconsistency, duplication, and fragmentation of the risk information, and prevent a holistic and integrated view of the project risks. References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, page 82: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 3983: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 3994: Risk Identification: When and How Often to Do It During the Project Life Cycle5: Risk Management: Why Is It Important?. : Risk Register in Project Management - Project Management Academy.

A contingency response plan helps the project manager to be prepared for unexpected situations, such as delays in equipment mobilization. This plan should outline alternative actions to take in case of such delays, minimizing the impact on the project.

According to the PMBOK® Guide, a contingency response plan is a predefined action that the project team will take if an identified risk event occurs. It is part of the risk response plan, which is the output of the Plan Risk Responses process. The contingency response plan helps the project team to reduce the impact of the risk event on the project objectives, such as scope, schedule, cost, and quality. The contingency response plan should be documented in the risk register, along with the risk triggers, the assigned risk owners, and the allocated contingency reserves.

The project manager for project X should prepare a contingency response plan to avoid the situation of being dependent on the availability of critical equipment from another project, project Y. This is because the equipment mobilization is an external dependency, which is a type of inter-project dependency that occurs when a project relies on another project for a deliverable or resource. Inter-project dependencies are a source of risk for the project, as they may cause delays, conflicts, or changes in the project scope or quality. The project manager should identify, analyze, and monitor the inter-project dependencies, and plan appropriate risk responses to deal with them.

The contingency response plan for the equipment mobilization could include alternative sources of equipment, such as renting, purchasing, or borrowing from other projects or vendors. The contingency response plan could also include schedule adjustments, such as fast-tracking, crashing, or re-sequencing the activities that require the equipment. The contingency response plan should be implemented when the risk trigger occurs, such as the notification of the delay from the other project manager. The project manager should also communicate the contingency response plan to the relevant stakeholders, such as the project sponsor, customer, team members, and other project managers.

The other options are not valid for avoiding the situation in the future:

• Ask the other project manager to officially confirm the new date in writing: This is not a valid option because it does not address the root cause of the problem, which is the dependency on the equipment from another project. Asking for a confirmation in writing may help to document the issue and track the progress, but it does not prevent the situation from happening again. The project manager should plan for the possibility of delays or changes in the equipment availability, and not rely on the other project manager’s promises or commitments.
• Request that the other project manager be added to relevant reports: This is not a valid option because it does not address the root cause of the problem, which is the dependency on the equipment from another project. Adding the other project manager to the relevant reports may help to improve the communication and coordination between the projects, but it does not prevent the situation from happening again. The project manager should plan for the possibility of delays or changes in the equipment availability, and not rely on the other project manager’s information or updates.
• Request that the other project manager inform if any additional delays are expected: This is not a valid option because it does not address the root cause of the problem, which is the dependency on the equipment from another project. Requesting the other project manager to inform if any additional delays are expected may help to anticipate and prepare for the impact, but it does not prevent the situation from happening again. The project manager should plan for the possibility of delays or changes in the equipment availability, and not rely on the other project manager’s forecasts or estimates.

References: PMBOK® Guide1, Project interdependency management2, Interdependencies among projects in project portfolio management3, Mastering PMI-RMP Domains, Tasks, and Enablers for Effective Risk4

The risk manager should consult the risks that have materialized and the overall risk profile to analyze the performance of managing the risks, as well as the risks due to the number of claims submitted to the client. These options provide insights into how well risks are being managed and the potential impact on the project.

 The risk manager should consult the risks that have materialized and the overall risk profile, as these are indicators of how well the risk management process is working and how the project is affected by the risks. The risk manager should also consult the risks due to the number of claims submitted to the client, as these are potential sources of conflict, litigation, and reputation damage that may impact the project objectives and stakeholder satisfaction. References: The Standard for Risk Management in Portfolios, Programs, and Projects, page 83; PMBOK Guide, 6th edition, page 414.

The project manager should first gather more information about the previous project's issues by interviewing the other project manager. This will help in understanding the root causes of the delay and how to prevent similar issues in the current project before taking further action.

 The project manager should first include the risk of delay in delivery of the GTG in the risk register and communicate with the stakeholders about the potential impact and response strategies. This is part of the risk identification process, which is the first step in risk management. The risk register is a document that records the identified risks, their causes, effects, probabilities, impacts, and response plans. The project manager should communicate with the stakeholders to ensure that they are aware of the risk and its implications, and to obtain their feedback and support. The project manager should also update the risk register as new information becomes available or as the risk status changes. The other options are not the first actions that the project manager should take. Communicating with the client to provide the previous shutdown plan is part of the risk response process, which comes after the risk identification and analysis processes. Reviewing and updating the project schedule is part of the schedule management process, which is not directly related to risk management. Interviewing the other project manager to learn more details is a technique that can be used to identify risks, but it is not the first action that the project manager should take. The project manager should first document the risk in the risk register and communicate with the stakeholders before seeking more information from other sources. References: 3, 4, 5

The risk manager can ensure the organizational process assets (OPAs) are updated as a result of risk management activities by arranging periodic risk management process audits. These audits help evaluate the effectiveness of risk management processes and identify areas of improvement, leading to updates in the OPAs.

According to the PMBOK Guide, one of the tools and techniques for the monitor risks process is audits. Audits are examinations of the risk management processes to ensure that they are aligned with the project objectives and are following the organizational policies and procedures. Audits can also identify any gaps, inconsistencies, or areas of improvement in the risk management activities. By conducting periodic audits, the risk manager can ensure that the organizational process assets are updated and reflect the current state of the project risk management. Some of the organizational process assets that can be updated as a result of audits are risk management templates, risk categories, risk databases, and lessons learned1 . References: PMBOK Guide, 6th edition, pages 456-457, 481-4821; PMI-RMP Exam Content Outline, 2015, page 9

The project manager should have performed risk identification exercises for the full lifecycle of the project, including the construction phase, to ensure that all potential risks were identified and addressed in the risk register.

Risk identification is the process of determining the risks that may affect the project and documenting their characteristics. Risk identification should be performed throughout the project lifecycle, as new risks may emerge or change over time. Risk identification should also consider all aspects of the project, such as scope, schedule, cost, quality, resources, stakeholders, and procurement. By performing risk identification exercises for the full lifecycle of the project, the project manager could have identified and planned for the potential risks associated with the construction phase, such as delays, material shortages, quality issues, or safety hazards. This would have helped to prevent or mitigate the impact of the risk event that occurred, and to ensure that the risk register is updated and comprehensive. Performing a Monte Carlo sensitivity analysis, adding generic construction risks, or reviewing the assumptions/exclusions register are not sufficient or effective ways of identifying the specific risks that may affect the project during the construction phase. These are either tools for risk analysis, risk response planning, or project initiation, but not risk identification. References: PMI-RMP® Certification Handbook1, page 9; PMBOK® Guide, pages 397-398.

The The project manager should include secondary and residual risks as part of the risk response plan. Secondary risks are those risks that arise as a direct result of implementing a risk response to a specific risk. Residual risks are those risks that are expected to remain after the planned responses of risks have been taken, as well as those that have been deliberately accepted. Both secondary and residual risks should be identified, analyzed, and monitored throughout the project life cycle. The project manager should communicate the risk response plan to the project sponsor and other stakeholders, and explain how the project team has planned to manage the secondary and residual risks12

References: 1: PMI Risk Management Professional (PMI-RMP)® Handbook, page 10 2: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition, page 11.2.2.1

project manager should include secondary and residual risks in the risk response plan, as they may still impact the project. Proactively addressing these risks will help the project team to be prepared and manage them effectively if they occur.

A risk trigger is an indication or warning sign that a risk is about to occur or has occurred. A risk trigger can be an event, a condition, or a situation that signals the onset of a risk. A risk trigger can help the project team to identify and respond to risks in a timely manner. In this case, the lack of space to install air conditioners is a risk with high impact on the project. A potential need to share the space with other machinery is an example of an early risk trigger, because it indicates that the space issue may become a problem in the future. If the project team detects this trigger, they can take proactive actions to avoid or mitigate the risk, such as finding an alternative location, modifying the design, or negotiating with the stakeholders. References: PMI, The Standard for Risk Management in Portfolios, Programs, and Projects, 2019, p. 102-103.

The project charter is the first resource the project manager should reference to determine the risk tolerance and risk attitudes of the project’s key stakeholders, as it contains information such as the project purpose, objectives, success criteria, high-level risks, and key stakeholder list. The project charter is an output of the Develop Project Charter process, which is part of the Initiating process group. The project charter provides the project manager with the authority to apply organizational resources to project activities and establishes a partnership between the performing organization and the requesting organization. References: PMBOK Guide, 6th edition, page 81-82.

Enterprise environmental factors (EEFs) provide information about the organization's culture, risk tolerance, and risk attitudes, which can help the project manager determine the risk tolerance and risk attitudes of the project's key stakeholders. (Reference: PMBOK Guide, 6th Edition, p. 39)

The project manager should reassess the risks and analyze the reserve to determine if any adjustments can be made to accommodate the expected additional work. This will help in identifying potential budget-saving measures and making informed decisions on how to proceed.

According to the PMI Risk Management Professional (PMI-RMP) Reference Materials, risk reassessment is the process of reanalyzing existing project risks and identifying new risks throughout the project life cycle1. Reserve analysis is the process of estimating the amount of contingency reserve and management reserve needed to account for the uncertainty and variability of the project2. In this case, the project manager should conduct a risk reassessment and reserve analysis as the next step, because the budget overruns during execution have changed the risk profile of the project and reduced the available funds to handle future risks. By conducting a risk reassessment, the project manager can update the risk register and the risk response plan with the current status of the project risks and the effectiveness of the risk responses. By conducting a reserve analysis, the project manager can determine if the remaining contingency reserve and management reserve are sufficient to cover the potential impact of the project risks, and request additional funds if needed.

References: 1: PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Sixth Edition, 2017, p. 442 2: PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Sixth Edition, 2017, p. 215

The project manager should address the communication risk by meeting the client's preference for face-to-face conversations. This can be achieved by planning face-to-face meetings for critical milestones.

 Communication issues with the client are a potential risk that can affect the project scope, schedule, quality, and stakeholder satisfaction. To avoid this risk, the project manager should align the communication methods and preferences with the client’s expectations and needs. If the client prefers face-to-face conversations, the project manager should respect that and meet the client in person whenever possible. This can help build trust, rapport, and clarity between the project manager and the client. The project manager should also plan for critical milestone meetings with the client to review the project progress, deliverables, and feedback. This can help ensure that the project is on track and meets the client’s requirements and satisfaction. References: PMI, 2017. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Newtown Square, PA: Project Management Institute, Inc., pp. 376-3771

To ensure an effective risk management plan, the risk manager needs to consider aligning the plan to project constraints and priorities and obtaining stakeholder acceptance, as these factors will help ensure that the plan is relevant and supported by the project team and stakeholders.

 According to the PMI-RMP Handbook, the risk management plan is a document that describes how risk management activities will be structured and performed on the project. It is one of the main outputs of the Plan Risk Management process. The risk management plan should consider the following factors to ensure its effectiveness:

• Aligning to project constraints and priorities: The risk management plan should be aligned with the project objectives, scope, schedule, cost, quality, resources, and stakeholder expectations. It should also reflect the project’s risk appetite, tolerance, and threshold levels, which indicate the degree of uncertainty that the project can accept. The risk management plan should prioritize the risk management activities based on the project’s critical success factors and key performance indicators.
• Obtaining stakeholder acceptance: The risk management plan should be developed with the involvement and input of key stakeholders, such as the project sponsor, customer, team members, subject matter experts, and other relevant parties. The risk management plan should be communicated and approved by the stakeholders to ensure their commitment and support for the risk management process. The risk management plan should also define the roles and responsibilities of the stakeholders in risk management, as well as the reporting and escalation mechanisms.

The other options are not valid factors for ensuring an effective risk management plan:

• Applying modern risk management techniques: The risk management plan should apply the appropriate risk management techniques that suit the project’s context, complexity, and characteristics. The techniques should be based on the best practices and standards of the profession, such as the PMBOK® Guide and the Practice Standard for Project Risk Management. The techniques do not have to be modern or innovative, as long as they are effective and efficient.
• Ensuring risk response strategies mitigate all risks: The risk management plan should define the risk response strategies that will be used to address the identified risks. However, the risk response strategies do not have to mitigate all risks, as some risks may be accepted, transferred, or avoided. The risk response strategies should be based on the risk analysis and evaluation, which consider the probability and impact of the risks, as well as the cost and benefits of the responses.
• Minimizing implementation costs: The risk management plan should consider the budget and resources available for the risk management activities. However, the risk management plan should not aim to minimize the implementation costs at the expense of the quality and effectiveness of the risk management process. The risk management plan should balance the costs and benefits of the risk management activities, and ensure that they provide value to the project.

References: PMI-RMP Handbook1, PMBOK® Guide2, Practice Standard for Project Risk Management2

The risk identification technique that the risk manager should use is the nominal group technique. This technique involves bringing stakeholders together to brainstorm potential risks and then ranking them based on their importance. This allows for interaction and collaboration among stakeholders, which can help ensure that an exhaustive list of risks is created.

The nominal group technique is a risk identification technique that involves the interaction and collaboration of stakeholders to generate an exhaustive list of risks. It is a structured process that allows each participant to share their ideas independently, then rank and prioritize them as a group. This technique ensures that all opinions are considered and reduces the influence of dominant or biased individuals12

References: 1: PMI Risk Management Professional (PMI-RMP)® Handbook, page 10 2: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition, page 11.2.2.1

Adding correlation to the model accounts for the relationship between activities, which can result in increased variability in the model's outcomes. This will increase the standard deviation, which is a measure of the uncertainty in the model.

 According to the PMBOK Guide, 6th edition, Chapter 11: Project Risk Management1, an effect of adding the correlation to the Monte Carlo schedule risk analysis model is that it increases the standard deviation of the model. This is because:

• Correlation is the statistical relationship between two or more variables. In a schedule risk analysis, correlation can be used to model the dependency between the durations of different activities. For example, if two activities are positively correlated, it means that if one activity takes longer than expected, the other activity is also likely to take longer than expected. Conversely, if two activities are negatively correlated, it means that if one activity takes longer than expected, the other activity is likely to take shorter than expected.
• A Monte Carlo schedule risk analysis is a simulation technique that uses random values for uncertain variables, such as activity durations, to generate possible outcomes for the project schedule. The simulation is repeated many times to produce a probability distribution of the project completion date and duration. The standard deviation is a measure of the variability or dispersion of the distribution. A higher standard deviation means that the distribution is more spread out and less predictable.
• Adding correlation to the Monte Carlo schedule risk analysis model increases the standard deviation of the model because it introduces more variability and uncertainty to the simulation. Correlated activities can have a cumulative effect on the project schedule, either positively or negatively, depending on the direction and strength of the correlation. This can result in more extreme outcomes for the project completion date and duration, which increase the spread of the distribution and the standard deviation.

References:

• PMBOK Guide, 6th edition, Chapter 11: Project Risk Management1
• Risk Management Professional (PMI-RMP)® Exam Cert Guide2

The project’s contingency allowance is a provision in the project budget that is intended to cover known risks that may affect the project costs. The risk of increased fuel costs was identified and included in the contingency allowance, so the project manager should use it to process the freight invoices at the actual shipping costs. This is the best way to handle the risk without affecting the project scope, schedule, or quality. Requesting a formal change order from the customer (option B) is not necessary, as the project budget already has a provision for this risk. Processing the freight invoices for the budgeted amount and hoping the shipping company will forgive the difference (option C) is unethical and unprofessional, as it violates the terms of the contract and the PMI Code of Ethics and Professional Conduct. Asking the project sponsor to cover the additional shipping costs on the company’s reserves account (option D) is also not appropriate, as the company’s reserves are meant for unknown risks that are beyond the project’s control, not for known risks that are already accounted for in the project budget. References: PMI, The Standard for Risk Management in Portfolios, Programs, and Projects, 2019, p. 72; PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), 6th ed., 2017, p. 252.

The project manager should use the contingency allowance to cover the additional shipping costs, as it was specifically included in the project budget for such risks. This approach avoids requesting unnecessary changes or relying on external sources to cover the cost overrun.

 According to the PMBOK Guide, 6th edition, Section 11.6.2.1, Sensitivity Analysis, a sensitivity analysis is a technique that helps to determine which individual project risks or other sources of uncertainty have the most potential impact on project outcomes. A sensitivity analysis can be used to prioritize risks based on their relative effect on the project objectives, such as cost, schedule, quality, or scope. A sensitivity analysis can also help to identify areas where risk response efforts may be most effective. Therefore, the risk manager should perform a sensitivity analysis and determine the correct priority of every identified risk, rather than agreeing with the SME or the project sponsor, or marking every risk with the same or different priority without proper analysis. References: PMBOK Guide, 6th edition, Section 11.6.2.1, Sensitivity Analysis1

The risk manager should perform a sensitivity analysis to assess the impact of each risk on the project objectives. This will help in determining the correct priority of every identified risk, ensuring that resources are allocated effectively and that the most critical risks are addressed first.

According to the PMBOK Guide, one of the tools and techniques for the implement risk responses process is root cause analysis. Root cause analysis is a technique that focuses on identifying the fundamental reason for the occurrence of a problem or a risk. By conducting a root cause analysis, the risk owner can determine why the implemented measures were only partially successful and what caused the new unforeseen risk to emerge. This can help the risk owner to identify and implement more effective risk responses, as well as to update the risk register and the risk report with the new information1 . References: PMBOK Guide, 6th edition, pages 452-453, 474-4751; PMI-RMP Exam Content Outline, 2015, page 8.

 According to the PMBOK Guide, 6th edition, Section 11.1.3.1, Enterprise Environmental Factors, one of the factors that can influence the Plan Risk Management process is the organization’s risk attitude, appetite, tolerance, and thresholds. These terms describe the degree of uncertainty that an organization is willing to accept in pursuit of its goals, and how it approaches, operates, and responds to risk. Therefore, when presenting their work to management, the risk manager should focus on the risks that are tied to the success of the organization, and the risks as they apply to the organization’s overall risk management philosophy and strategic ambition. These aspects can help the management to understand the alignment of the project risks with the organizational objectives and values, and to make informed decisions about risk responses. The other options are less relevant or too specific for a management presentation, and may not reflect the organization’s risk attitude or priorities. References: PMBOK Guide, 6th edition, Section 11.1.3.1, Enterprise Environmental Factors1

The risk manager should focus on risks that are directly tied to the success of the organization and those that align with the organization's risk management philosophy and strategic ambition. This will ensure that management is informed about the most relevant risks and opportunities for the project.

According to the PMBOK Guide, one of the tools and techniques for the identify risks process is data gathering. Data gathering is the process of collecting information from various sources to identify potential risks that may affect the project objectives. Some of the data gathering techniques are brainstorming, interviews, checklists, assumption and constraint analysis, and document analysis1. To conduct a risk identification exercise using data gathering techniques, the risk manager should take the following actions:

• Arrange a team meeting, review the project’s scope, and discuss dependency mapping. This action can help the risk manager to facilitate a brainstorming session with the project team and other subject matter experts, where they can generate a list of potential risks based on the project scope and the dependencies among the project activities. Dependency mapping is a technique that helps to identify the relationships and interdependencies among the project components, such as tasks, resources, deliverables, and stakeholders2. By reviewing the project scope and discussing the dependency mapping, the risk manager can ensure that the risk identification exercise covers all the relevant aspects of the project and does not miss any important risk sources.
• Ensure that all the relevant stakeholders participate. This action can help the risk manager to obtain different perspectives and insights from the stakeholders who have different roles, interests, and expectations in the project. Stakeholders are individuals or groups who can affect or be affected by the project outcomes. They may have valuable information, experience, or expertise that can help to identify potential risks that may not be obvious to the project team. By ensuring that all the relevant stakeholders participate in the risk identification exercise, the risk manager can increase the comprehensiveness and accuracy of the risk identification process and foster stakeholder engagement and buy-in1. References: PMBOK Guide, 6th edition, pages 397-399, 414-4151; Mastering the PMI Risk Management Professional (PMI-RMP) Exam, page 70

Residual risks are the risks that remain after the risk response plan has been implemented. They are the risks that are accepted by the project team and stakeholders as part of the project. Residual risks may have low probability or impact, but they still need to be monitored and controlled throughout the project. The first thing that the risk manager should do when a risk owner identifies and reports some residual risks is to analyze, document, and communicate them to the relevant stakeholders. The risk manager should assess the probability and impact of the residual risks, and determine if they require any further response or contingency plan. The risk manager should also update the risk register and the risk report with the information about the residual risks, and share them with the stakeholders who need to be aware of them. This will help the project team and stakeholders to be prepared for any potential occurrence of the residual risks, and to take appropriate actions if needed. References: PMI, The Standard for Risk Management in Portfolios, Programs, and Projects, 2019, p. 94-95, 101.