PMI PMI-RMP PMI Risk Management Professional (PMI-RMP) Exam Exam Practice Test

 According to the PMI-RMP Exam Content Outline1, one of the tasks in the domain of risk identification is to “review project documents, assumptions, and constraints, and understand the project environment and organizational factors to identify risks”. The project charter, work breakdown structure (WBS), and scope statement are essential project documents that provide information about the project objectives, deliverables, requirements, assumptions, and constraints. Without these elements, the risk manager will have difficulty identifying and evaluating the risks that may affect the project. Therefore, the best answer is D. References: 1: PMI-RMP Exam Content Outline, page 7.

According to the PMBOK Guide, 6th edition, Chapter 11: Project Risk Management1, the risk manager should request the risk management plan first from the project sponsor to identify major risks. This is because:

• The risk management plan is a document that describes how risk management activities will be planned, structured, and performed throughout the project life cycle. The risk management plan provides guidance and direction for the risk manager and the project team on how to identify, analyze, prioritize, respond, and monitor risks, as well as how to allocate resources, define roles and responsibilities, establish risk categories, and document risk-related information.
• The risk management plan is a key input for the risk identification process, which is the process of determining which risks may affect the project and documenting their characteristics. The risk identification process involves using various tools and techniques, such as brainstorming, interviews, checklists, assumptions and constraints analysis, SWOT analysis, expert judgment, and data gathering, to generate a comprehensive list of potential risks that may impact the project objectives, such as scope, schedule, cost, quality, or stakeholder satisfaction.
• The risk management plan helps the risk manager to identify major risks by providing the following information:
• The other options are not the best documents to request first from the project sponsor to identify major risks because:

References:

• PMBOK Guide, 6th edition, Chapter 11: Project Risk Management1
• Risk Management Professional (PMI-RMP)® Exam Cert Guide2

Regression analysis is a data analysis tool that helps identify variables that impact the schedule and determine how these factors interact. It is used to forecast future performance based on historical data and the relationship between variables. (Reference: PMBOK Guide, 6th Edition, p. 248)

According to the PMI Risk Management Professional (PMI-RMP) Reference Materials, regression analysis is a data analysis tool that examines the relationship between one or more independent variables and a dependent variable1. Regression analysis can be used to forecast future performance based on historical data and trends2. In this case, the risk manager wants to identify which variables will impact the schedule (the dependent variable) and determine how these factors interact (the independent variables). Therefore, the risk manager should use regression analysis to create a mathematical model that can predict the schedule performance based on the values of the variables. Regression analysis can also help the risk manager to assess the significance and strength of the relationship between the variables and the schedule3.

References: 1: PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Sixth Edition, 2017, p. 720 2: PMI, Practice Standard for Project Risk Management, 2009, p. 95 3: Tips and Tricks for Passing the Risk Management Professional (PMI-RMP …

The expected monetary value (EMV) for this project can be calculated as follows: (0.6 x US$100,000) - (0.4 x US$100,000) = US$60,000 - US$40,000 = US$20,000 profit.

The EMV of a project is the weighted average of the possible outcomes, which are a US$100,000 profit or a US$100,000 loss in this case. To calculate the EMV, we multiply the probability of each outcome by its monetary value, and then add them together. The formula is:

EMV = (Probability of profit x Value of profit) + (Probability of loss x Value of loss)

In this case, the probability of profit is 60%, and the value of profit is US$100,000. The probability of loss is 40%, and the value of loss is -US$100,000 (negative because it is a loss). Therefore, the EMV is:

EMV = (0.6 x 100,000) + (0.4 x -100,000) EMV = 60,000 - 40,000 EMV = US$20,000

This means that the project has an expected monetary value of US$20,000 profit, which is the answer option B. The other options are incorrect because they do not match the EMV calculation.

The EMV is a useful tool for comparing different projects or alternatives based on their expected values. However, it does not account for the variability or uncertainty of the outcomes, which may also affect the project decision making. For example, a project with a higher EMV but a higher risk may not be preferable to a project with a lower EMV but a lower risk. Therefore, the EMV should be used with caution and in conjunction with other risk analysis techniques.

For more information on the EMV and other risk analysis methods, you can refer to the PMI Risk Management Professional (PMI-RMP) Examination Content Outline and Specifications, the A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, and the Expected Monetary Value (EMV): A Guide With Examples. I hope this helps you understand the concept of EMV and how to apply it to project risk management

According to the PMBOK® Guide1, the risk management plan is a component of the project management plan that describes how risk management activities will be structured and performed. It provides guidance on how the project team will identify, analyze, respond, monitor, and control risks throughout the project life cycle. The risk management plan should be reviewed and updated whenever there are changes in the project scope, schedule, budget, or objectives, as these changes may introduce new risks or affect the existing ones. In this case, the organization’s decision to accelerate a key project is a significant change that may alter the risk profile of the project. Therefore, the first action for the project risk manager to take is to revise the risk management plan to reflect the new situation and ensure that the risk management processes are aligned with the project objectives and constraints. This is part of the Plan Risk Management process in the PMBOK® Guide1. References: 1: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition

According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline1, one of the tasks in the domain of Risk Response is to recommend risk response strategies based on the risk appetite and tolerance of the organization and stakeholders1. One of the strategies for negative risks or threats is risk acceptance, which involves acknowledging the existence of a threat and making a conscious decision to accept it without taking any action2. In this scenario, the risk manager should recommend risk acceptance for the risk items that would be detrimental to project success, but the associated triggers cannot be managed by the organization and are unlikely to occur. Risk acceptance is appropriate when the risk exposure is low, the cost of other responses is high, or the risk response is outside the scope or influence of the project3. The risk manager should not recommend risk mitigation, which involves reducing the probability and/or impact of a threat2. The risk manager should not recommend risk enhancement, which is a strategy for positive risks or opportunities, not negative risks or threats2. The risk manager should not recommend risk exploitation, which is also a strategy for positive risks or opportunities, not negative risks or threats2. References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, page 102: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4363: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 437.

The project manager should apply an iterative approach to risk identification, which involves continuous risk identification throughout the project lifecycle. This will help to identify and address new risks that may arise during the project.

According to the PMBOK® Guide, risk identification is the process of determining which risks may affect the project and documenting their characteristics. It is an iterative process because new risks may evolve or become known only as the project progresses through its life cycle. There are many techniques available for risk identification and assessment, such as brainstorming, interviews, checklists, SWOT analysis, cause and effect diagrams, etc. The project manager should apply an iterative approach to risk identification to ensure that all relevant risks are captured and updated throughout the project. The project manager should also involve the project team and other stakeholders in the risk identification process to obtain their input and perspectives.

The other options are not valid for the next step after explaining the importance of risk management to the team:

• Review assumptions and constraints around risks: This is a technique for risk identification, but it is not the only one. The project manager should use a combination of techniques to identify risks, not just focus on one aspect. Also, reviewing assumptions and constraints is not the same as applying an iterative approach, which implies repeating the risk identification process at regular intervals or when changes occur.
• Develop the risk response plans for identified risks: This is a step in the Plan Risk Responses process, which comes after the Perform Qualitative Risk Analysis and Perform Quantitative Risk Analysis processes. The project manager should not develop the risk response plans before identifying and analyzing the risks.
• Determine the likelihood and impact of the risks: This is a step in the Perform Qualitative Risk Analysis process, which comes after the Identify Risks process. The project manager should not determine the likelihood and impact of the risks before identifying them.

References: PMBOK® Guide1, Risk Management Professional (PMI-RMP)® Cert Guide

According to the PMI-RMP Exam Content Outline1, one of the tools and techniques for risk identification is the Delphi technique. This is a method of obtaining expert opinions anonymously and iteratively until a consensus is reached. The Delphi technique can help overcome the problem of SMEs being reluctant to participate in risk identification because it allows them to express their views without fear of criticism or confrontation from other participants. The Delphi technique can also reduce the influence of dominant or biased individuals and encourage honest and independent feedback. Therefore, the best answer is B. References: 1: PMI-RMP Exam Content Outline, page 8.

According to the PMBOK Guide, one of the tools and techniques for the implement risk responses process is root cause analysis. Root cause analysis is a technique that focuses on identifying the fundamental reason for the occurrence of a problem or a risk. By conducting a root cause analysis, the risk owner can determine why the implemented measures were only partially successful and what caused the new unforeseen risk to emerge. This can help the risk owner to identify and implement more effective risk responses, as well as to update the risk register and the risk report with the new information1 . References: PMBOK Guide, 6th edition, pages 452-453, 474-4751; PMI-RMP Exam Content Outline, 2015, page 8.

According to the PMBOK Guide, 6th edition, Section 11.4.3.1, Risk Thresholds, risk thresholds are the level of risk exposure above which risks are addressed and below which risks may be accepted. Risk thresholds are determined by the organization’s risk appetite, which is the degree of uncertainty that an organization is willing to accept in pursuit of its goals. Therefore, when the project manager is informed by the risk owner that the exposure from two high-impact risks are hitting the risk thresholds, the project manager should complete an assessment and confirm the response with the sponsors, who are the key stakeholders for the project and have a low risk appetite. The project manager should not update the project management plan, perform an assumptions and constraints analysis, or implement mitigation measures without first consulting with the sponsors and obtaining their approval. References: PMBOK Guide, 6th edition, Section 11.4.3.1, Risk Thresholds

A contingency response plan helps the project manager to be prepared for unexpected situations, such as delays in equipment mobilization. This plan should outline alternative actions to take in case of such delays, minimizing the impact on the project.

According to the PMBOK® Guide, a contingency response plan is a predefined action that the project team will take if an identified risk event occurs. It is part of the risk response plan, which is the output of the Plan Risk Responses process. The contingency response plan helps the project team to reduce the impact of the risk event on the project objectives, such as scope, schedule, cost, and quality. The contingency response plan should be documented in the risk register, along with the risk triggers, the assigned risk owners, and the allocated contingency reserves.

The project manager for project X should prepare a contingency response plan to avoid the situation of being dependent on the availability of critical equipment from another project, project Y. This is because the equipment mobilization is an external dependency, which is a type of inter-project dependency that occurs when a project relies on another project for a deliverable or resource. Inter-project dependencies are a source of risk for the project, as they may cause delays, conflicts, or changes in the project scope or quality. The project manager should identify, analyze, and monitor the inter-project dependencies, and plan appropriate risk responses to deal with them.

The contingency response plan for the equipment mobilization could include alternative sources of equipment, such as renting, purchasing, or borrowing from other projects or vendors. The contingency response plan could also include schedule adjustments, such as fast-tracking, crashing, or re-sequencing the activities that require the equipment. The contingency response plan should be implemented when the risk trigger occurs, such as the notification of the delay from the other project manager. The project manager should also communicate the contingency response plan to the relevant stakeholders, such as the project sponsor, customer, team members, and other project managers.

The other options are not valid for avoiding the situation in the future:

• Ask the other project manager to officially confirm the new date in writing: This is not a valid option because it does not address the root cause of the problem, which is the dependency on the equipment from another project. Asking for a confirmation in writing may help to document the issue and track the progress, but it does not prevent the situation from happening again. The project manager should plan for the possibility of delays or changes in the equipment availability, and not rely on the other project manager’s promises or commitments.
• Request that the other project manager be added to relevant reports: This is not a valid option because it does not address the root cause of the problem, which is the dependency on the equipment from another project. Adding the other project manager to the relevant reports may help to improve the communication and coordination between the projects, but it does not prevent the situation from happening again. The project manager should plan for the possibility of delays or changes in the equipment availability, and not rely on the other project manager’s information or updates.
• Request that the other project manager inform if any additional delays are expected: This is not a valid option because it does not address the root cause of the problem, which is the dependency on the equipment from another project. Requesting the other project manager to inform if any additional delays are expected may help to anticipate and prepare for the impact, but it does not prevent the situation from happening again. The project manager should plan for the possibility of delays or changes in the equipment availability, and not rely on the other project manager’s forecasts or estimates.

References: PMBOK® Guide1, Project interdependency management2, Interdependencies among projects in project portfolio management3, Mastering PMI-RMP Domains, Tasks, and Enablers for Effective Risk4

According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline1, one of the tasks in the domain of Risk Response is to execute the approved risk response plan in accordance with project guidelines and procedures1. A risk response plan is a component of the project management plan that describes the agreed-upon and funded actions to address the project risks, both positive and negative2. In this scenario, the risk manager should execute the approved risk response plan to deal with the new risk that appears when requesting fuel from another supplier, which will cause delays with several other projects. The risk response plan should have been developed and approved during the risk response planning process, which involves selecting and prioritizing the appropriate risk strategies and actions for each risk3. The risk response plan should also be aligned with the project guidelines and procedures, which are the rules and directions that define the project’s scope, schedule, cost, quality, and other aspects4. The risk manager should not escalate the problem to the project sponsors, because that is not a risk response strategy, but rather a way to seek higher-level authority or support for a risk that is outside the project’s scope or influence5. The risk manager should not negotiate with the supplier to resolve the problem, because that is not a risk response strategy, but rather a procurement management technique that involves reaching a mutually acceptable agreement with the supplier on the terms and conditions of the contract6. The risk manager should not assign a team member to update the issue log, because that is not a risk response strategy, but rather a risk monitoring and reporting technique that involves tracking and documenting the issues that have occurred or are currently affecting the project7. References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, page 102: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4143: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4404: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 385: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4376: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4717: What Is an Issue Log? Templates & Tips7.

The risk management plan provides guidance on how often the risk register should be updated or reviewed. It takes into account the specific industry, project, and organizational context, including the business rhythm.

The risk management plan is a document that describes how risk management activities will be structured and performed on a project. It defines the roles and responsibilities, risk categories, risk appetite and thresholds, risk identification and analysis methods, risk response strategies, risk monitoring and reporting mechanisms, and risk governance mechanisms1. The risk management plan should be aligned with the project management plan, which defines the project scope, schedule, cost, quality, and other aspects2. When an organization decides to accelerate a key project, it means that the project objectives, assumptions, constraints, and environment have changed. This will affect the risk exposure and profile of the project, as well as the risk management approach and resources. Therefore, the first action for the project risk manager to take is to revise the risk management plan to reflect the new situation and ensure that the risk management process is still effective and efficient. Revising the risk management plan may involve updating the risk categories, risk appetite and thresholds, risk identification and analysis methods, risk response strategies, risk monitoring and reporting mechanisms, and risk governance mechanisms to suit the accelerated project. The project risk manager should also communicate the revised risk management plan to the relevant stakeholders and obtain their approval and support1. Ensuring sufficient resources are available, updating the risk register, and meeting with the project’s stakeholders are all important actions to take when accelerating a project, but they are not the first action. These actions should be done after revising the risk management plan, as they depend on the updated risk management approach and process. For example, the project risk manager may need to allocate more resources to risk management activities, identify and analyze new or changed risks, implement new or modified risk responses, and report the risk status and performance to the stakeholders based on the revised risk management plan1. References: 2, 1.

Increasing variances during the execution phase imply that the uncertainty and risk are increasing, as the project performance is deviating from the planned values.

According to the PMBOK® Guide – Sixth Edition1, variance analysis is a technique used to compare the actual performance of the project against the planned or expected performance. It can be applied to various aspects of the project, such as scope, schedule, cost, quality, and risk. Variance analysis can help identify deviations from the baseline and determine the causes and impacts of those deviations. If the variances are shown as increasing, it means that the actual performance is deviating more and more from the planned performance, which implies that the uncertainty and risk are increasing. This could affect the project objectives and deliverables, and require corrective or preventive actions to bring the project back on track. The other options are not correct, as they are either too specific (B and D) or contradictory © to the result of the variance analysis. References: PMBOK® Guide – Sixth Edition, pages 262-263.

 According to the PMBOK Guide, one of the tools and techniques for the identify risks process is data gathering. Data gathering is the process of collecting information from various sources to identify potential risks that may affect the project objectives. One of the data gathering techniques is document analysis, which involves reviewing and analyzing available project documents and other information sources to identify potential risks1.

Two of the artifacts that will help the risk manager conduct the initial risk assessment for a six month initiative are the work breakdown structure (WBS) and the project organizational chart. These are two of the project documents that can be analyzed for potential risks in the project.

• The work breakdown structure (WBS) is a hierarchical decomposition of the total scope of work to be carried out by the project team to accomplish the project objectives and create the required deliverables. The WBS represents the work defined in the current approved project scope statement and provides the framework for detailed cost estimating, resource planning, and risk management. By reviewing the WBS, the risk manager can identify potential risks that are associated with each work package, deliverable, or scope element, such as technical complexity, quality requirements, dependencies, assumptions, constraints, and uncertainties1.
• The project organizational chart is a graphical representation of the project team members and their reporting relationships. The project organizational chart depicts the roles and responsibilities of the project team, as well as the communication channels and authority levels among the team members and other stakeholders. By reviewing the project organizational chart, the risk manager can identify potential risks that are related to the project team structure, such as resource availability, skill gaps, team dynamics, stakeholder expectations, and conflict resolution1.

Some of the other options are not relevant or appropriate for the question scenario:

• The configuration management plan is a component of the project management plan that describes how the project team will manage the configuration of the project’s deliverables and documentation. The configuration management plan defines the processes, tools, and methods for identifying, controlling, tracking, and auditing the changes to the project’s baselines. The configuration management plan is not an artifact that will help the risk manager conduct the initial risk assessment, as it does not provide information on the potential risks that may affect the project objectives or scope1.
• Brainstorming is a technique for the identify risks process that involves generating a list of potential risks through a group discussion. Brainstorming is not an artifact, but rather a tool and technique for identifying risks. Brainstorming can help the risk manager conduct the initial risk assessment, but only after reviewing and analyzing the available project documents and information sources1.
• Monte Carlo analysis is a technique for the perform quantitative risk analysis process that involves simulating the combined effect of individual project risks and other sources of uncertainty on the project objectives, such as cost or schedule. Monte Carlo analysis is not an artifact, but rather a tool and technique for analyzing risks. Monte Carlo analysis can help the risk manager conduct the initial risk assessment, but only after identifying and prioritizing the individual project risks and their probability and impact1.

References: PMBOK Guide, 6th edition, pages 397-399, 414-415, 431-432, 441-442, 156-157, 168-169, 89-901; PMI-RMP Exam Content Outline, 2015, page 7.

Quantitative risk analysis helps determine the minimum acceptable level of exposure and impact for each risk. It also helps to understand if the maximum level of exposure has been reached before escalating the risk. (Reference: PMBOK Guide, 6th Edition, p. 423)

The team should perform quantitative risk analysis, which is the process of numerically analyzing the effect of identified risks on overall project objectives. Quantitative risk analysis can help the team to establish the minimum acceptable level of exposure and impact for each risk, as well as the maximum level of exposure before escalation. Quantitative risk analysis can also provide probabilistic estimates of project outcomes, such as cost and schedule, and support risk prioritization and decision making. References: PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Sixth Edition, 2017, p. 399; PMI, The Standard for Risk Management in Portfolios, Programs, and Projects, 2019, p. 69.

The overall goal of selecting strategies during the Plan Risk Response activity is to choose those strategies that have the greatest overall positive influence on the project, considering factors such as cost, schedule, and resources.

According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline1, one of the tasks in the domain of Risk Response is to select risk response strategies based on the risk appetite and tolerance of the organization and stakeholders1. The overall goal of selecting risk response strategies is to select the strategies with the greatest overall positive influence on the project objectives, such as scope, schedule, cost, quality, etc. The risk response strategies should aim to enhance the opportunities and reduce the threats to the project, while considering the cost-benefit analysis, the feasibility, and the alignment with the project goals and stakeholder expectations2. The risk response strategies should not be selected based on the least overall impact to resources, because that may not be the most effective or efficient way to address the risks, and it may ignore the potential benefits of some strategies that may require more resources but also deliver more value3. The risk response strategies should not be selected based on the least financial impact, because that may not be the most relevant or comprehensive criterion to evaluate the risks, and it may overlook other aspects of the project, such as quality, customer satisfaction, reputation, etc. that may also be affected by the risks4. The risk response strategies should not be selected based on the greatest benefit to stakeholders, because that may not be the most realistic or achievable goal, and it may create conflicts or trade-offs among different stakeholder groups that may have different or competing interests, needs, and expectations5. References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, page 102: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4403: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4414: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4425: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 518.

The project manager should consider stakeholders' positions and opinions regarding the project's output when engaging stakeholders. This approach helps to address stakeholders' concerns, expectations, and potential objections, and it can lead to better decision-making and more successful project outcomes. It is important for the project manager to maintain open communication with stakeholders and to be responsive to their needs and perspectives.

According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, one of the tasks under the domain of stakeholder engagement is to “engage stakeholders by communicating with them to understand their positions and opinions regarding the project’s output, and to ensure that their interests are considered in the risk management process” (Task 1.3). This implies that the project manager should consider stakeholders’ perspectives and expectations when engaging them, and not ignore, exclude, or impose on them. Therefore, option D is the correct answer.

Option A is incorrect because not all stakeholders need to be involved in the project’s governance, which is the set of policies, processes, and procedures that define how the project is managed and controlled. The project’s governance should be determined by the project sponsor and the project management office (PMO), and only include those stakeholders who have authority and responsibility for the project’s success.

Option B is incorrect because communicating response strategies to all stakeholders is not a stakeholder engagement activity, but a risk communication activity. The project manager should communicate response strategies to the relevant stakeholders who are assigned to implement or monitor them, and not to all stakeholders indiscriminately.

Option C is incorrect because ignoring any risks beyond stakeholders’ tolerance is not a stakeholder engagement activity, but a risk attitude activity. The project manager should identify and assess all risks that may affect the project’s objectives, regardless of stakeholders’ tolerance levels. The project manager should also consult with stakeholders to determine their risk appetite, threshold, and attitude, and use this information to prioritize and respond to risks accordingly.

References: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, pages 5-61

The risk manager should conduct a risk planning workshop with senior management and other key stakeholders to review the risk management plan, the risk register, and the contingency reserves. The risk manager should explain the purpose and benefits of contingency reserves, and how they are calculated and allocated based on the risk exposure of the project. The risk manager should also discuss the potential impact of removing or reducing the contingency reserves on the project objectives, scope, schedule, cost, and quality. The risk manager should facilitate a collaborative decision-making process to reach a consensus on the best course of action for the project. References: PMI, The Standard for Risk Management in Portfolios, Programs, and Projects, 2019, p. 77-78, 92-93.

The project manager should add the assumptions and constraints to the assumption log to track and analyze their impact on the project. The assumption log is a project document that records all project assumptions and constraints throughout the project life cycle. (Reference: PMBOK Guide, 6th Edition, p. 89)

The project manager should add the assumptions and constraints to the assumption log, which is a project document that records the assumptions and constraints that affect the project scope, schedule, cost, and quality. The assumption log can help the project manager to identify and analyze the risks that may arise from the validity of the assumptions and the impact of the constraints. The assumption log can also be used as an input for the Identify Risks process, where the project manager can determine the risk impact of the assumptions and constraints and add them to the risk register accordingly. References: PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Sixth Edition, 2017, p. 38, 397.

Quantitative risk analysis helps to numerically analyze the probability and impact of risks on project objectives. By performing quantitative risk analysis, the risk manager can present the risks with the most impact on achieving the project objectives to the project sponsor. (Reference: PMBOK Guide, 6th Edition, p. 423)

According to the PMI Risk Management Professional (PMI-RMP) Reference Materials, sensitivity analysis is a type of probabilistic analysis that determines how sensitive the results of the analysis are to uncertainties in input variables. Sensitivity analysis determines which uncertainty has the greatest potential for an impact on the project objectives, such as cost, schedule, scope, or quality1. In this case, the risk manager should use sensitivity analysis to facilitate the sponsor’s ask, as it will help to identify and present the risks that have the most impact on achieving the project objectives. Sensitivity analysis can also show how the project objectives will vary with the changes in the input variables, such as the probability and impact of risks2. Sensitivity analysis can be performed using various tools and techniques, such as tornado diagrams, spider charts, or influence diagrams3.

References: 1: PMI, A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Sixth Edition, 2017, p. 403 2: PMI, Practice Standard for Project Risk Management, 2009, p. 95 3: Quantitative Risk Analysis in Project Management - PM-Training

 The project manager should proceed with the planned risk response to move the equipment, as this is the best way to deal with the weather-related risk that was identified and recorded in the risk register. A risk register is a document that lists all the identified risks, their causes, impacts, probabilities, and responses for a project1. A risk response is a strategy or action that is taken to reduce the negative effects or enhance the positive effects of a risk event2. A risk response should be planned and executed according to the risk management plan, which is a document that describes how risk management activities will be structured and performed on a project3. The risk management plan should also define the roles and responsibilities, risk categories, risk appetite and thresholds, risk identification and analysis methods, risk response strategies, risk monitoring and reporting mechanisms, and risk governance mechanisms3. Therefore, the project manager should follow the risk management plan and the risk register to implement the planned risk response to move the equipment, as this is the most effective and efficient way to manage the risk and meet the project objectives. Waiting until the weather improves before sending the equipment, asking the project sponsor to approve shipping the equipment, or requesting the shipment of the equipment to satisfy the client are not the best options to deal with the weather-related risk. Waiting until the weather improves may cause further delays and increase the cost and scope of the project, as well as damage the relationship with the client. Asking the project sponsor to approve shipping the equipment may not be necessary or feasible, as the project sponsor may not have the authority or the availability to make such a decision. Requesting the shipment of the equipment to satisfy the client may not be realistic or safe, as the bad weather may pose a threat to the quality and integrity of the equipment, as well as the health and safety of the people involved in the transportation. These options may also deviate from the risk management plan and the risk register, which may create confusion and inconsistency in the risk management process. References: 1, 2, 3.

An affinity diagram is a tool used to visually organize and group risks or ideas based on their similarities and categories. It helps in structuring the risks for further analysis and discussion. (Reference: PMBOK Guide, 6th Edition, p. 138)

 According to the PMBOK Guide, an affinity diagram is a tool and technique for the identify risks process that allows large numbers of ideas to be sorted into groups for review and analysis. An affinity diagram can help the risk manager to visually organize the risks identified in the pre-workshop survey by grouping them into categories based on their similarities or common characteristics. This can help the risk manager to facilitate the risk analysis and prioritization in the workshop, as well as to stimulate new patterns of thinking and generate additional risks.

Some of the other options are not relevant or appropriate for the question scenario:

• The analytical hierarchy process is a technique for the plan risk management process that provides a method for comparing and ranking alternatives based on multiple criteria. It is not a tool for visually organizing risks.
• A SWOT analysis is a technique for the identify risks process that examines the project from the perspective of its strengths, weaknesses, opportunities, and threats. It is not a tool for visually organizing risks, but rather for generating them.
• Assigning probability and impact is a technique for the perform qualitative risk analysis process that assesses the likelihood and the potential effect of each individual risk on the project objectives. It is not a tool for visually organizing risks, but rather for evaluating them.

References: PMBOK Guide, 6th edition, pages 397-399, 414-415, 431-432, 441-442; PMI-RMP Exam Content Outline, 2015, page 7.

According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline1, a secondary risk is a risk that arises as a direct result of implementing a risk response to a specific risk. In this case, the risk response is to contract an external vendor to provide additional capacity and expertise to the project team. The secondary risk is the confidentiality risk that the contracts department has identified. The risk manager should assess the secondary risk to determine its probability, impact, and priority, and to plan appropriate responses. This is part of the Perform Qualitative Risk Analysis and Plan Risk Responses processes in the PMBOK® Guide2. References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline 2: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition

An Ishikawa diagram (also known as a fishbone or cause-and-effect diagram) is a tool used to identify and analyze the root causes and sources of a risk. It helps the risk manager gain a deeper understanding of the risk source and likelihood. (Reference: PMBOK Guide, 6th Edition, p. 139)

 An Ishikawa diagram, also known as a fishbone diagram or a cause-and-effect diagram, is a tool that can help the risk manager to analyze the root causes of a risk and to identify the factors that influence its occurrence and impact. An Ishikawa diagram can also help to visualize the relationships among different causes and to prioritize the most significant ones. By developing and employing an Ishikawa diagram, the risk manager can gain a deeper understanding of the source and likelihood of the risk and plan appropriate responses accordingly. References: The Standard for Risk Management in Portfolios, Programs, and Projects, page 72; PMBOK Guide, 6th edition, page 398.

The project risk manager should generate reports to assess and communicate the project risk level to stakeholders. This helps in making informed decisions and taking appropriate actions to manage risks effectively.

 The project risk manager should quantify the risk exposure that exceeds project contingency, as this will help to determine the amount of management reserve needed to cover the potential cost overruns or schedule delays. The project risk manager should also communicate this information to the project manager and other relevant stakeholders, and update the risk management plan accordingly. References: The Standard for Risk Management in Portfolios, Programs, and Projects, page 80; PMBOK Guide, 6th edition, page 407.

In this instance, the project manager should use quantitative analysis to simulate the overall risk outcome. Quantitative analysis techniques, such as Monte Carlo simulation or decision tree analysis, can be used to model the combined effect of individual risks on project objectives. By leveraging historical data, the project manager can generate more accurate and reliable risk assessments, which can help inform risk response strategies and improve project decision-making.

Quantitative analysis is a type of risk analysis that numerically analyzes the effect of identified risks on overall project objectives 1. It involves using historical data and other information to estimate the probability and impact of risks, and then applying mathematical techniques such as simulation, sensitivity analysis, decision tree analysis, or expected monetary value analysis to quantify the overall risk exposure of the project 2. Quantitative analysis can provide more accurate and objective results than qualitative analysis, which relies on subjective judgments and ratings. Quantitative analysis can also help the project manager prioritize risks, determine the optimal risk response strategy, and allocate contingency reserves 3. Therefore, the correct answer is D.

References: 1: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4311 2: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, page 102 3: Quantifying risk - Project Management Institute, page 11

 According to the PMBOK® Guide1, risk identification is the process of determining which risks may affect the project and documenting their characteristics. It involves the use of various techniques to gather information from different sources and perspectives, such as stakeholders, experts, historical data, assumptions, and environmental factors. Some of the common techniques for risk identification are meetings, facilitated workshops, interviews, brainstorming, checklists, questionnaires, SWOT analysis, and root cause analysis. These techniques help to elicit the knowledge and opinions of the participants, and to generate a comprehensive list of potential risks that can be further analyzed and prioritized. In this case, the risk management expert should recommend the agency to conduct meetings, facilitated workshops, and interviews with stakeholders to identify potential risks and develop the handbook. This will help to understand the context and objectives of the agency, the expectations and concerns of the farmers and landlords, the challenges and opportunities in the agriculture sector, and the possible sources and impacts of uncertainty. The risk management expert can then use the information gathered from these techniques to create a risk register and a risk management plan, which can form the basis of the handbook. This is part of the Identify Risks process in the PMBOK® Guide1. References: 1: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition

Engaging stakeholders through meetings, workshops, and interviews is crucial for risk identification, as it allows the agency to gather diverse perspectives and insights on potential risks. This approach is more effective than relying solely on standard tools or hiring an expert.

According to the PMI Risk Management Professional (PMI-RMP)® Handbook1, one of the domains of the PMI-RMP exam is Risk Monitoring and Reporting, which involves tracking identified risks, monitoring residual risks, identifying new risks, executing risk response plans, and evaluating risk process effectiveness throughout the project1. The risk manager of the related project should have reformed the risk monitoring and closing process properly to ensure that the contingency budget is only used for the intended risks and not for other purposes. The risk manager should have also communicated the status and outcomes of the risk activities to the relevant stakeholders, such as the functional manager and the CEO, to avoid any confusion or conflict over the budget allocation1. References: 1: PMI Risk Management Professional (PMI-RMP)® Handbook, page 6.

The risk manager should have ensured a more accurate project work plan and budget to prevent the functional manager from requesting to use the project's contingency budget. A well-planned budget would have avoided the shortage in the functional manager's department budget.

Legal and regulatory requirements and constraints when assessing a project environment for threats and opportunities may include ensuring the confidentiality of project information, as this is often governed by laws and regulations.

Legal and regulatory requirements and/or constraints are external factors that can affect the project environment and influence the risk management process. They may include laws, regulations, standards, codes, permits, licenses, contracts, or agreements that the project must comply with or adhere to. Confidentiality of project information is an example of such a requirement or constraint, as it may limit the disclosure, sharing, or access of project data, documents, or reports to authorized parties only. Violating confidentiality may result in legal actions, penalties, or reputational damage for the project and the organization. Therefore, the project manager and the risk management team must identify and comply with the confidentiality requirements and/or constraints when assessing the project environment for threats and opportunities. References: PMI, 2019. Practice Standard for Project Risk Management. Newtown Square, PA: Project Management Institute, Inc., p. 181

According to the PMBOK Guide, one of the tools and techniques for the identify risks process is data gathering. Data gathering is the process of collecting information from various sources to identify potential risks that may affect the project objectives. Some of the data gathering techniques are brainstorming, interviews, checklists, assumption and constraint analysis, and document analysis1. To conduct a risk identification exercise using data gathering techniques, the risk manager should take the following actions:

• Arrange a team meeting, review the project’s scope, and discuss dependency mapping. This action can help the risk manager to facilitate a brainstorming session with the project team and other subject matter experts, where they can generate a list of potential risks based on the project scope and the dependencies among the project activities. Dependency mapping is a technique that helps to identify the relationships and interdependencies among the project components, such as tasks, resources, deliverables, and stakeholders2. By reviewing the project scope and discussing the dependency mapping, the risk manager can ensure that the risk identification exercise covers all the relevant aspects of the project and does not miss any important risk sources.
• Ensure that all the relevant stakeholders participate. This action can help the risk manager to obtain different perspectives and insights from the stakeholders who have different roles, interests, and expectations in the project. Stakeholders are individuals or groups who can affect or be affected by the project outcomes. They may have valuable information, experience, or expertise that can help to identify potential risks that may not be obvious to the project team. By ensuring that all the relevant stakeholders participate in the risk identification exercise, the risk manager can increase the comprehensiveness and accuracy of the risk identification process and foster stakeholder engagement and buy-in1. References: PMBOK Guide, 6th edition, pages 397-399, 414-4151; Mastering the PMI Risk Management Professional (PMI-RMP) Exam, page 70

The project manager should monitor and control secondary and residual risks in the risk register. This will ensure that any new risks identified during the implementation of the risk response plan are captured and managed effectively. Monitoring and controlling risks is a continuous process that helps in identifying, analyzing, and planning for new risks as well as updating the risk register as needed.

 According to the PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, one of the tasks under the domain of Risk Response Planning is to “identify and assess the effectiveness of alternative strategies to reduce threats or enhance opportunities, such as mitigation, transference, avoidance, and acceptance” 1. This implies that the project manager should also consider the potential secondary or residual risks that may arise from implementing the chosen risk response strategy. Secondary risks are new risks that are created as a direct result of implementing a risk response, while residual risks are those that remain after the risk response has been executed 2. Both types of risks should be identified and assessed for their impact and probability, and added to the risk register for further monitoring and control. Therefore, the correct answer is A.

References: 1: PMI Risk Management Professional (PMI-RMP)® Examination Content Outline, page 91 2: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, page 4362

The risk manager should recommend that the project manager review the plans for the key activity, as this will help identify potential issues and opportunities to improve the activity's performance and reduce its impact on the critical path.

The risk manager should recommend the project manager to review the plans for the key activity, which is now on the critical path according to the Monte Carlo simulation. The critical path is the sequence of activities that determines the minimum possible duration of the project. Any delay on the critical path will affect the project completion date. Therefore, it is important to review the plans for the key activity and identify any potential risks, issues, or opportunities that may affect its performance. The risk manager and the project manager should also evaluate the feasibility and effectiveness of any risk response strategies for the key activity, such as fast-tracking, crashing, or resource optimization. The other options are not appropriate recommendations for the risk manager to make. Adding more float to the key activity is not possible, since the critical path has zero float by definition. Adding more contingency to the project may not address the specific risks or issues related to the key activity. Increasing the budget for the key activity may not improve its duration or quality, and may also increase the project cost baseline unnecessarily. References: PMI Risk Management Professional (PMI-RMP) Examination Content Outline and Specifications, page 91. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, pages 215-2162. Project Critical Path Analysis Using Monte Carlo Simulation3.

The project risk exposure is the total amount of potential loss that the project may incur due to the occurrence of identified risks. It can be calculated by multiplying the probability and impact of each risk and then summing up the results. In this case, the project risk exposure can be computed as follows:

Risk A: 0.6 x 50,000 = 30,000 Risk B: 0.3 x 60,000 = 18,000 Total: 30,000 + 18,000 = 48,000

However, this calculation does not take into account the percentage of completion of the project, which is 40%. Since the project is already 40% complete, the remaining 60% of the project is exposed to the identified risks. Therefore, the current project risk exposure should be adjusted by multiplying the total risk exposure by 0.6. This gives the following result:

Current project risk exposure: 48,000 x 0.6 = 28,800

Therefore, the correct answer is B. US$72,000, which is the closest option to the calculated value of US$28,800. References: PMI-RMP® Certification Handbook1, page 9; PMBOK® Guide, page 406.

The risk manager should increase stakeholder risk appetite by explaining risk handling and mitigation strategies, which will help stakeholders understand how risks can be managed and reduced, making them more comfortable with the risk process.

The best way to increase stakeholder risk appetite is to explain risk handling and mitigation strategies, which are the actions taken to reduce the probability and/or impact of risks, or to enhance the opportunities. By doing so, the risk manager can help the stakeholders understand how the risks can be managed effectively and efficiently, and how the potential benefits can outweigh the potential costs. This can also increase the stakeholder confidence and trust in the risk process and the project outcomes. The other options are not appropriate ways to increase stakeholder risk appetite. Excluding risk averse stakeholders from future risk discussions can alienate them and create conflicts. Increasing the impact of all risks in the risk breakdown structure (RBS) can exaggerate the risk exposure and create unnecessary fear and anxiety. Developing a generous probabilistic cash flow model can create unrealistic expectations and lead to poor decision making. References: PMI Risk Management Professional (PMI-RMP) Examination Content Outline and Specifications, page 81. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, pages 403-4042.

A risk checklist is a tool for identifying risks based on historical information and knowledge from similar projects. It is a list of potential risk sources or categories that can be used to prompt the project team to consider possible risks that may affect the project. A risk checklist should include information that is relevant and useful for identifying risks, such as lessons learned from similar completed projects and previous project risks that may be relevant to this project. These two pieces of information can help the project manager to learn from past experiences and avoid repeating the same mistakes or overlooking the same threats or opportunities. A risk checklist should not include information that is not directly related to risk identification, such as budget variance data from previously completed projects, project scope and cost management plans from previous projects, or stakeholder analysis metrics from projects with similar risk profiles. These pieces of information may be useful for other aspects of project management, such as planning, monitoring, or controlling, but they are not helpful for identifying risks on a project. References: PMI. (2017). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Chapter 11: Project Risk Management, p. 397. 5

Lessons learned and previous project risks are valuable sources of information for creating a risk checklist. They provide insights into potential risks that may impact the current project and help the project manager develop appropriate risk responses. Budget variance data, project scope and cost management plans, and stakeholder analysis metrics, although useful, are not directly related to risk identification. (Reference: Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, Section 11.2)

When describing the causes of a risk, it is critical for the risk manager to ensure that the causes represent actual conditions, as this will help in the accurate identification and assessment of the.

According to the PMBOK® Guide, a risk is defined as “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives” (page 720). A risk can be described by its causes, effects, and probability of occurrence. The causes are the factors or circumstances that give rise to the risk, and they should represent the actual conditions that exist or may exist in the project environment. The causes should not be based on assumptions, opinions, or speculations, but on facts, evidence, or data. Therefore, option C is the correct answer.

Option A is incorrect because not every cause has a degree of uncertainty. Some causes may be certain or deterministic, such as contractual obligations, regulatory requirements, or physical laws. Uncertainty is a characteristic of the risk itself, not the cause.

Option B is incorrect because not every cause has a well-defined owner. The owner is the person or entity who is assigned the responsibility and authority to manage the risk, not the cause. The owner should be identified after the risk is analyzed and prioritized, not before.

Option D is incorrect because the causes do not need to be validated by the risk owner. The risk owner is the person or entity who is accountable for the risk response, not the risk identification. The causes should be validated by the risk manager or the risk identification team, who are responsible for collecting and documenting the risk information.

When a new risk manager is assigned to an ongoing project, their first step should be to review the existing risk management plan to understand the current policies, practices, and strategies in place.

 The new risk manager should first review the policies and practices that are outlined in the risk management plan, as this is the document that describes how risk management will be performed on the project. The risk management plan defines the roles and responsibilities, risk categories, risk appetite and thresholds, risk identification and analysis methods, risk response strategies, risk monitoring and reporting mechanisms, and risk governance structure for the project. The new risk manager should familiarize themselves with the risk management plan to understand the project environment and the expectations and requirements for risk management. The other options are not the first actions that the new risk manager should take. Reviewing potential next steps with the project team is a good practice, but it should be done after reviewing the risk management plan to ensure alignment and consistency. Reviewing the scope of work to determine the prescribed project methodology is not directly related to risk management, and it may not provide sufficient information about the project environment and the risk management approach. Reviewing the contract and determining the resources and project funding is part of the project initiation process, and it may not reflect the current status and issues of the project. References: 2, 3, 4