A key project is delayed and all contingency reserves have been used even though the project team has implemented all planned risk responses. What should the risk manager do next?
Answer : B
When a project is delayed, and all contingency reserves have been exhausted, the next step is to escalate the situation to upper management. This escalation allows for additional resources or support to be considered and for strategic decisions to be made at a higher level. According to PMI's risk management practices, escalation is a key strategy when risks exceed the project's control, requiring input or intervention from senior management to resolve.
Top of Form
Bottom of Form
A new company initiates a project to incorporate a cybersecurity team. Which three documents should the risk manager analyze first? (Choose 3)
Answer : A, D, E
When initiating a project to incorporate a cybersecurity team, the risk manager should first analyze the following documents:
* Industry's standard procedures: Understanding industry best practices and standards is critical for setting up a cybersecurity team, as these procedures will guide the development of secure processes and protocols.
* IT infrastructure, networks, and data information: Analyzing the current IT infrastructure is essential to identify vulnerabilities, assess risks, and plan for the necessary security measures that the cybersecurity team will manage.
* Government laws and regulations: Cybersecurity is a highly regulated area. Understanding the relevant laws and regulations ensures that the project complies with all legal requirements and avoids potential penalties.
These documents provide the necessary foundation to assess the risks and develop a comprehensive cybersecurity strategy.
After a number of risk workshops, risks have been identified. Which is the first element the risk owner should look for in the response plan to help mitigate the risks?
Answer : D
The first element the risk owner should look for in the response plan is to verify that due dates for the actions have been identified. This ensures that risk mitigation actions are timely and can be effectively monitored.
After identifying the risks and assigning risk owners, the next step is to develop risk response plans that describe how to address each risk. The first element that the risk owner should look for in the response plan is the due date for the actions that are required to implement the response. The due date is important because it helps to prioritize the risk response activities, monitor the progress of the risk response, and ensure that the response is executed in a timely manner. The due date also helps to align the risk response with the project schedule and avoid any delays or conflicts. The other elements, such as the probability of a secondary risk, the impact on the quality of the components, and the relationship with the critical path, are also relevant for the risk response plan, but they are not the first element that the risk owner should look for.Reference: PMI, 2017. A Guide to the Project Management Body of Knowledge (PMBOK Guide) -- Sixth Edition. Newtown Square, PA: Project Management Institute, Inc., pp.407-4081
A core project team is working on unrelated tasks in advance to reduce the risk of delay due to an external team not completing its tasks on time. The core project team has completed all possible unrelated tasks but cannot move forward, because the external team's tasks have yet to be completed.
What should the risk manager do next?
Answer : D
According to the PMBOK Guide, the risk response plan is the set of actions that the project team will take to address the identified risks. The risk response plan should be reviewed and updated periodically throughout the project lifecycle, as new risks may emerge or existing risks may change. The risk owners are the persons assigned the responsibility of monitoring the risks and implementing the risk response actions. The risk owners should work with the risk manager and other stakeholders to evaluate the effectiveness of the risk response plan and make any necessary adjustments. In this case, the risk manager should ask the risk owners to review the risk response plan and see if there are any alternative or additional actions that can be taken to deal with the delay caused by the external team. Starting a quantitative analysis, crashing the schedule, or transferring the risk are not appropriate actions for this situation, as they are either too late, too costly, or too risky.Reference: = PMBOK Guide, 6th edition, pages 452-453; The Standard for Risk Management in Portfolios, Programs, and Projects, page 79.
A project team successfully implemented a risk response plan for a major risk event. Residual risks were evaluated and actions were taken to keep them under control. There were no secondary risks after the implementation.
What should the risk manager do?
Answer : B
Once a risk has been successfully managed, residual risks addressed, and there are no secondary risks, the next step according to risk management best practices is to formally close the expired risk and update all relevant project documentation. The PMBOK Guide states:
'Once the risk responses have been implemented, and the risk is no longer a threat or opportunity, the risk should be closed out in the risk register and the results should be documented as part of project records and lessons learned.'
--- PMBOK Guide, 6th Edition, Section 11.7.3.2
Closing the risk ensures transparency and supports organizational learning through updated project records.
PMBOK Guide, 6th Edition, Section 11.7.3.2
Practice Standard for Project Risk Management, PMI, Section 6.7
A company is preparing a formal response to bid for an infrastructure engineering, procurement, and construction project. When should a risk register be developed to identify risks?
Answer : C
A risk register should be developed before submitting a formal bid response to help the company understand the project's risk profile and account for potential risks in their proposal. This allows the company to make informed decisions about cost, schedule, and resources. (Reference: Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide) -- Sixth Edition, Section 11.2)
A risk register is a document that is used as a risk management tool to identify potential setbacks within a project.A risk register is typically created at the start of a project (before it begins), and is regularly referenced and updated throughout the life of a project through deliberate risk monitoring and control1. A risk register is an important component of any successful risk management process and helps mitigate potential project delays that could arise.A risk register is shared with project stakeholders to ensure information is stored in one accessible place2. A risk register also helps to establish a hierarchy of risks, starting with the most impactful. The goal should be to have a path to mitigating those risks, reducing the harm they cause, or eliminating them.The register should also outline what's considered an acceptable level of risk and how to set up insurance to help offset the impacts3. Therefore, a risk register should be developed before a formal bid response is provided to the client to gain a greater understanding of the project's risk profile. This will help to estimate the project costs, schedule, and scope more accurately and realistically, as well as to identify the contingency plans and reserves needed to deal with the potential risks.Developing a risk register during the project execution phase, when a client project kick-off meeting is held, or after a project budget is set up with a purchase order are all too late to effectively identify and manage the risks that could affect the project success.Reference:2,3,1,4
A risk manager has a well-structured risk management process in place for a complex project with a tight schedule. Despite implementing preventive actions, one of the risks identified in the early stages of the project has still occurred and is now an issue.
What should the risk manager do next?
Answer : B
When a risk has materialized and become an issue despite preventive actions, the next logical step is to implement the pre-established risk response plan. This plan is designed specifically to address the risk if it occurs, ensuring that the project can quickly and effectively manage the issue. According to PMI's risk management guidelines, implementing the risk response plan is a critical step once a risk has been triggered, as it provides a structured approach to resolving the issue with minimal impact on the project.