During project execution for a software development program, a risk manager notices the results vary from the stated expectations in the planning phase. The project team states that there was unrealistic planning.
What should the risk manager do next to understand the differences between planning and execution?
Answer : D
Assumptions made during planning need to be reviewed to understand deviations in actual results. PMBOK Guide states:
'Reviewing project assumptions is key to understanding variances between planned and actual performance, as invalid or changed assumptions often cause project deviations.'
--- PMBOK Guide, 6th Edition, Section 11.2
PMBOK Guide, 6th Edition, Section 11.2
A new risk manager is assigned to an ongoing project, what should the new risk manager do first to assess the project environment?
Answer : C
When a new risk manager is assigned to an ongoing project, their first step should be to review the existing risk management plan to understand the current policies, practices, and strategies in place.
The new risk manager should first review the policies and practices that are outlined in the risk management plan, as this is the document that describes how risk management will be performed on the project. The risk management plan defines the roles and responsibilities, risk categories, risk appetite and thresholds, risk identification and analysis methods, risk response strategies, risk monitoring and reporting mechanisms, and risk governance structure for the project. The new risk manager should familiarize themselves with the risk management plan to understand the project environment and the expectations and requirements for risk management. The other options are not the first actions that the new risk manager should take. Reviewing potential next steps with the project team is a good practice, but it should be done after reviewing the risk management plan to ensure alignment and consistency. Reviewing the scope of work to determine the prescribed project methodology is not directly related to risk management, and it may not provide sufficient information about the project environment and the risk management approach. Reviewing the contract and determining the resources and project funding is part of the project initiation process, and it may not reflect the current status and issues of the project.Reference:2,3,4
in a complex and critical project, a sponsor asks the risk manager to determine where the project's concentration of risks is greatest by performing a quantitative risk analysis. There are no organizational process assets (OPAs)s about the risk categories.
Which tool could the risk manager use to discover the project risk categories?
Answer : A
When a project lacks predefined organizational process assets (OPAs) related to risk categories, the risk manager can utilize the Work Breakdown Structure (WBS) to identify potential project risk categories. The WBS decomposes the project scope into manageable components, providing a hierarchical representation of all deliverables and work packages. By analyzing each element of the WBS, the risk manager can systematically identify areas where risks may arise, effectively categorizing them based on project activities and deliverables. This approach ensures a comprehensive assessment of potential risks across all aspects of the project, facilitating targeted risk management efforts.
PMI Risk Management Study Guide Reference:
The PMI-RMP Exam Preparation Study Guide notes that 'the WBS serves as a foundational tool for risk identification, enabling project teams to systematically examine each component for potential risks and categorize them appropriately.'
The project manager asks the risk manager to determine the initial risk assessment for a six month initiative that is about to kick-off. Which two artifacts will help the risk manager conduct the related analysis? (Choose two.)
Answer : A, B
According to the PMBOK Guide, one of the tools and techniques for the identify risks process isdata gathering. Data gathering is the process of collecting information from various sources to identify potential risks that may affect the project objectives.One of the data gathering techniques isdocument analysis, which involves reviewing and analyzing available project documents and other information sources to identify potential risks1.
Two of the artifacts that will help the risk manager conduct the initial risk assessment for a six month initiative are thework breakdown structure (WBS)and theproject organizational chart. These are two of the project documents that can be analyzed for potential risks in the project.
Thework breakdown structure (WBS)is a hierarchical decomposition of the total scope of work to be carried out by the project team to accomplish the project objectives and create the required deliverables. The WBS represents the work defined in the current approved project scope statement and provides the framework for detailed cost estimating, resource planning, and risk management.By reviewing the WBS, the risk manager can identify potential risks that are associated with each work package, deliverable, or scope element, such as technical complexity, quality requirements, dependencies, assumptions, constraints, and uncertainties1.
Theproject organizational chartis a graphical representation of the project team members and their reporting relationships. The project organizational chart depicts the roles and responsibilities of the project team, as well as the communication channels and authority levels among the team members and other stakeholders.By reviewing the project organizational chart, the risk manager can identify potential risks that are related to the project team structure, such as resource availability, skill gaps, team dynamics, stakeholder expectations, and conflict resolution1.
Some of the other options are not relevant or appropriate for the question scenario:
Theconfiguration management planis a component of the project management plan that describes how the project team will manage the configuration of the project's deliverables and documentation. The configuration management plan defines the processes, tools, and methods for identifying, controlling, tracking, and auditing the changes to the project's baselines.The configuration management plan is not an artifact that will help the risk manager conduct the initial risk assessment, as it does not provide information on the potential risks that may affect the project objectives or scope1.
Brainstormingis a technique for the identify risks process that involves generating a list of potential risks through a group discussion. Brainstorming is not an artifact, but rather a tool and technique for identifying risks.Brainstorming can help the risk manager conduct the initial risk assessment, but only after reviewing and analyzing the available project documents and information sources1.
Monte Carlo analysisis a technique for the perform quantitative risk analysis process that involves simulating the combined effect of individual project risks and other sources of uncertainty on the project objectives, such as cost or schedule. Monte Carlo analysis is not an artifact, but rather a tool and technique for analyzing risks.Monte Carlo analysis can help the risk manager conduct the initial risk assessment, but only after identifying and prioritizing the individual project risks and their probability and impact1.
: PMBOK Guide, 6th edition, pages 397-399, 414-415, 431-432, 441-442, 156-157, 168-169, 89-901; PMI-RMP Exam Content Outline, 2015, page 7.
A project is underway to implement a new customer support software. During testing, the risk manager discovers that the integration with the existing customer relationship management system is more complex than initially planned, potentially delaying the project. The risk manager needs to update project documents to reflect this new information.
Which steps should the risk manager consider when updating relevant project documents?
Answer : D
Best practice requires immediate assessment and updating of risk-related documents as soon as new risks or issues are identified. This includes working with the technical team to understand the impact, updating the risk register and project schedule, and communicating with stakeholders.
'When new risks or issues arise, project documents such as the risk register, schedule, and stakeholder communications should be updated promptly to ensure that stakeholders are informed and risk responses are integrated into project planning.'
--- PMBOK Guide, 6th Edition, Section 11.7 (Monitor Risks: Work Performance Information and Updates)
This keeps the project adaptive and transparent.
PMI PMBOK Guide, 6th Edition, Section 11.7
ISO 31000:2018, Section 6.7
During a brainstorming session, a stakeholder identifies a risk that, if realized, could greatly impact their team. The stakeholder insists that this particular risk should be
mitigated to the greatest extent possible, however, the majority of other stakeholders feel that different risks have higher probabilities of occurring.
Which action should the risk manager take to address this risk?
Answer : D
Adding the identified risk to the risk register is the best action that the risk manager can take to address this risk. The risk register is a document that records the identified risks, their characteristics, their status, and their responses. By adding the risk to the risk register, the risk manager can ensure that the risk is not overlooked or ignored, and that it will be subjected to further probability and impact analysis to determine its priority and response strategy. Accepting the identified risk because other stakeholders feel that there are higher priority risks to address is not a good practice, as it may lead to overlooking a potentially significant risk that could affect the stakeholder's team. Mitigating the identified risk in order to reduce the probability of impacting the stakeholder's team is not advisable, as it may be a premature or unnecessary action without proper analysis of the risk probability and impact.Escalating the identified risk to the project sponsor and allowing them to determine the best course of action is not appropriate, as it may be an overreaction or a sign of lack of competence from the risk manager, who should be able to handle the risk identification and analysis process.Reference: PMI Risk Management Professional (PMI-RMP) Exam Content Outline1, PMI Practice Standard for Project Risk Management2, Risk Management Professional (PMI-RMP) Cert Guide3
An organization that spans across different countries undergoes a digital transformation project. The project manager has assigned a risk management team leader who is a risk management certified candidate in their domain.
What should the risk management team leader do in the early stages of the project?
Answer : C
In the early stages of a project, the risk management team leader should conduct qualitative risk analysis to prioritize potential risks. This will help the team to focus on the most significant risks and develop appropriate risk response strategies.
According to the PMI-RMP Handbook, the early stages of the project are the best time to establish the risk management plan, which is a document that describes how risk management activities will be structured and performed on the project. It is one of the main outputs of the Plan Risk Management process. The risk management plan should be developed with the involvement and input of key stakeholders, such as the project sponsor, customer, team members, subject matter experts, and other relevant parties. The risk management plan should also define the roles and responsibilities of the stakeholders in risk management, as well as the reporting and escalation mechanisms.
The risk management team leader, who is a risk management certified candidate in their domain, should educate stakeholders on best practices to perform risk management in the early stages of the project. This is because the stakeholders may have different levels of knowledge, experience, and expectations regarding risk management, especially in an organization that spans across different countries. The risk management team leader should provide training, coaching, and guidance to the stakeholders on how to apply the risk management processes, tools, and techniques, as well as how to use the risk management plan. The risk management team leader should also promote a positive risk culture and encourage stakeholder participation and collaboration in risk management activities.
The other options are not valid for what the risk management team leader should do in the early stages of the project:
Conduct qualitative risk analysis to prioritize potential risks: This is not a valid option because the qualitative risk analysis is part of the Perform Qualitative Risk Analysis process, which comes after the Identify Risks process and before the Perform Quantitative Risk Analysis process. The risk management team leader should not conduct the qualitative risk analysis before developing the risk management plan and identifying the risks.
Plan a solid risk response plan and secure the necessary funding: This is not a valid option because the risk response plan is part of the Plan Risk Responses process, which comes after the Perform Qualitative Risk Analysis and Perform Quantitative Risk Analysis processes. The risk management team leader should not plan the risk response plan and secure the necessary funding before developing the risk management plan, identifying, and analyzing the risks.
Benchmark to an organization which has executed a similar project: This is not a valid option because benchmarking is a technique for risk identification, but it is not the only one. The risk management team leader should use a combination of techniques to identify risks, not just focus on one aspect. Also, benchmarking is not the same as educating stakeholders, which implies providing training, coaching, and guidance on risk management best practices.
: PMI-RMP Handbook1, PMBOK Guide2, Practice Standard for Project Risk Management2