Project Risk Management

Study Hints

Most exam takers find the Project Risk Management questions on the PMP® certification exam demanding because they address many concepts that project managers may not have been exposed to in their work or education. However, the questions correspond closely to PMBOK® Guide material, so you should not have much difficulty if you study the concepts and terminology found there. Although the questions included do not contain mathematically complex work problems, they do require you to know certain theories, such as expected monetary value (EMV) and decision-tree analysis. Additionally, you are likely to encounter questions related to levels of risk faced by both buyer and seller based on various types of contracts.

PMI® views risk management as a six-step process including plan risk management, identify risks, perform qualitative risk analysis, perform quantitative risk analysis, plan risk response, and control risk. PMBOK® Guide Figure 11-1 provides an overview of this approach. Know this chart thoroughly.

Following is a list of the major Project Risk Management topics. Use it to help focus your study efforts on the areas most likely to appear on the exam.

Major Topics

Project risk management

• Risk defined
• Types of risk
• Known risks
• Unknown risks
• Organization’s risk attitude
• Risk appetite
• Risk tolerance
• Risk threshold
• Risk factors
• Risk event
• Probability of occurrence
• Amount at stake (impact)
• Risk conditions
• Risk tolerances

Risk processes

Plan risk management

• Planning meetings and analyses
• Analytical techniques
• Risk management plan
• Methodology
• Roles and responsibilities
• Budget
• Timing
• Categories
• Definitions of probability and impact
• Probability and impact matrix
• Revised stakeholder tolerances
• Reporting formats
• Tracking

Identify risks

• Definition
• Timing
• Plans and baselines
• Project documents

Identify risks tools and techniques

• Documentation reviews
• Brainstorming
• Delphi method
• Interviews
• Root cause analysis
• Strengths-weaknesses-opportunities-threats (SWOT) analysis
• Influence diagrams
• Checklists
• Assumption analysis
• Diagramming techniques
• Expert judgment

Risk register

• List of identified risks
• List of potential responses

Perform qualitative risk analysis

• Prioritize risks for further action
• Risk probability and impact assessment
• Probability and impact matrix
• Risk data quality assessment
• Risk categories
• Risk urgency assessment
• Expert judgment
• Assumption log updates
• Risk register updates
• Relative ranking or priority list of risks
• Risks by category
• Causes of risks requiring particular attention
• Risks requiring near-term responses and additional analysis and responses
• Watch list of low priority risks

Perform quantitative risk analysis

• Numerical analysis of the effect of identified risks on project objectives
• Interviewing
• Probability distribution
• Sensitivity analysis
• Expected monetary value analysis
• Decision-tree analysis
• Monte Carlo analysis
• Path convergence
• Statistical distribution
• Risk register updates
• Probabilistic analysis of the project
• Probability of achieving cost and time objectives
• Prioritized list of quantified risks
• Trends

Plan risk responses

• Negative risks or threats
• Avoid
• Transfer
• Mitigate
• Accept
• Positive risks or opportunities
• Exploit
• Share
• Enhance
• Accept
• Contingent responses
• Risk register updates
• Risk-related contract decisions
• Updates to plans and documents

Control risks

• Definition and purpose
• Tools and techniques
• Risk reassessment
• Risk audits
• Variance and trend analysis
• Technical performance measurement
• Reserve analysis
• Status meetings
• Updates to the risk register
• Change requests
• Updates to organizational process assets, plans, and documents

Practice Questions

INSTRUCTIONS: Note the most suitable answer for each multiple-choice question in the appropriate space on the answer sheet.

1. As the project manager, you have the option of proposing one of three systems to a client: a full-feature system that not only satisfies the minimum requirements but also offers numerous special functions (the “Mercedes”); a system that meets the client’s minimum requirements (the “Yugo”); and a system that satisfies the minimum requirements plus has a few extra features (the “Toyota”). The on-time records and associated profits and losses are depicted on the below decision tree. What is the expected monetary value of the “Toyota” system?

   

   1. $9,900
   2. $44,000
   3. $45,000
   4. $48,000
2. A risk response strategy that can be used for both threats and opportunities is—
   5. Share
   6. Avoid
   7. Accept
   8. Transfer
3. The risk urgency assessment is a tool and technique used for—
   9. Plan risk responses
   10. Identify risks
   11. Perform qualitative risk analysis
   12. Perform quantitative risk analysis
4. Projects are particularly susceptible to risk because—
   13. Murphy’s law states that “if something can go wrong, it will”
   14. There is uncertainty in all projects
   15. Project management tools are generally unavailable at the project team level
   16. There are never enough resources to do the job
5. As project manager, you have assembled the team to prepare a comprehensive list of project risks. Which one of the following documents would be the most helpful in this process?
   17. OBS
   18. WBS
   19. RBS
   20. CBS
6. You are working on identifying possible risks to your project to develop a nutritional supplement. You want to develop a comprehensive list of risks that can be addressed later through qualitative and quantitative risk analysis. An information gathering technique used to identify risks is—
   21. Documentation reviews
   22. Probability and impact analysis
   23. Checklist analysis
   24. Brainstorming
7. The Delphi technique is a particularly useful method for identifying risks to—
   25. Present a sequence of decision choices graphically to decision makers
   26. Define the probability of occurrence of specific variables
   27. Reduce bias in the analysis and keep any one person from having undue influence on the outcome
   28. Help take into account the attitude of the decision maker toward risk
8. A workaround is—
   29. An unplanned response to a negative risk event
   30. A plan of action to follow when something unexpected occurs
   31. A specific response to certain types of risk as described in the risk management plan
   32. A proactive, planned method of responding to risks
9. Most statistical simulations of budgets, schedules, and resource allocations use which one of the following approaches?
   33. PERT
   34. Decision-tree analysis
   35. Present value analysis
   36. Monte Carlo analysis
10. In the below path convergence example, if the odds of completing activities 1, 2, and 3 on time are 50 percent, 50 percent, and 50 percent, what are the chances of starting activity 4 on day 6?

    

    37. 10 percent
    38. 13 percent
    39. 40 percent
    40. 50 percent
11. A project health check identified a risk that your project would not be completed on time. As a result, you are quantifying the project’s risk exposure and determining what cost and schedule contingency reserves might be needed. You performed a schedule risk analysis using Monte Carlo analysis. The basis for your schedule risk analysis is the—
    41. WBS
    42. Gantt chart
    43. Schedule network diagram and duration estimates
    44. Probability/impact risk rating matrix
12. You are developing radio frequency (RF) technology that will improve overnight package delivery. You ask each stakeholder to estimate the most optimistic package delivery time using the RF technology, the most pessimistic time, and the most likely time. This shows that for your next step you plan to—
    45. Use a beta or triangular probability distribution
    46. Conduct a sensitivity analysis
    47. Structure a decision analysis as a decision tree
    48. Determine the strategy for risk response
13. Each one of the following statements about risk avoidance is true EXCEPT that it—
    49. Focuses on changing the project management plan to eliminate entirely the threat
    50. Isolates the project’s objectives from the risk’s impact
    51. Accepts the consequences of the risk event should it occur
    52. Changes the project objective that is in jeopardy
14. If the probability of event 1 is 80 percent and of event 2 is 70 percent and they are independent events, how likely is it that both events will occur?
    53. 6 percent
    54. 15 percent
    55. 24 percent
    56. 56 percent
15. The project scope statement should be used in the identify risk process because it—
    57. Identifies project assumptions
    58. Identifies all the work that must be done and, therefore, includes all the risks on the project
    59. Helps to organize all the work that must be done on the project
    60. Contains information on risks from prior projects
16. Your project team has identified all the risks on the project and has categorized them as high, medium, and low. The “low” risks are placed on which one of the following for monitoring?
    61. Threat list
    62. Low risk list
    63. Watch list
    64. Low impact list
17. A general contingency is used for—
    65. Risks that are identified at the outset of the project
    66. Risks that are not identified at the outset of the project but are known before they occur
    67. Risks that cannot be known before they occur because they are external risks
    68. Any risks that cannot be known before they occur
18. The simplest form of quantitative risk analysis and modeling techniques is—
    69. Probability analysis
    70. Sensitivity analysis
    71. Delphi technique
    72. Utility theory
19. If a business venture has a 60-percent chance to earn $2 million and a 20-percent chance to lose $1.5 million, what is the expected monetary value of the venture?
    73. –$50,000
    74. $300,000
    75. $500,000
    76. $900,000
20. You are managing the construction of a highly sophisticated data center in Port Moresby, Papua, New Guinea. Although this location offers significant economic advantages, the threat of typhoons has caused you to create a backup plan to operate in Manila in case the center is flooded. This plan is an example of what type of risk response?
    77. Passive avoidance
    78. Mitigation
    79. Active acceptance
    80. Deflection
21. A recent earned value analysis shows that your project is 20 percent complete, the CPI is 0.67, and the SPI is 0.87. In this situation, you should—
    81. Perform additional resource planning, add resources, and use overtime as needed to accomplish the same amount of budgeted work
    82. Rebaseline the schedule, then use Monte Carlo analysis
    83. Conduct a risk response audit to help control risk
    84. Forecast potential deviation of the project at completion from cost and schedule targets
22. The purpose of a numeric scale in risk management is to—
    85. Avoid high-impact risks
    86. Assign a relative value to the impact on project objectives if the risk in question occurs
    87. Rank order risks in terms of very low, low, moderate, high, and very high
    88. Test project assumptions
23. Risk score measures the—
    89. Variability of the estimate
    90. Product of the probability and impact of the risk
    91. Range of schedule and cost outcomes
    92. Reduced monetary value of the risk event
24. Which of the following is an example of recommended corrective action in risk management?
    93. Conducting a risk audit
    94. Engaging in additional risk response planning
    95. Performing the contingency plan
    96. Conducting a risk review
25. The primary advantage of using decision-tree analysis in project risk management is that it—
    97. Considers the attitude of the decision maker toward risk
    98. Forces consideration of the probability of each outcome
    99. Helps to identify and postulate risk scenarios for the project
    100. Shows how risks can occur in combination
26. Your project is using complex, unproven technology. Your team conducted a brainstorming session to identify risks. Poor allocation of project resources was the number one risk. This risk was placed on the risk register, which included at this point a—
    101. Watch list
    102. Potential risk response
    103. Known unknown
    104. List of other risks requiring additional analysis
27. When managing current projects, it is important to use lessons learned from previous projects to improve the organization’s project management process. Therefore, in project closing procedures, it is important to review the—
    105. Secondary risks that occurred
    106. Checklists for identify risks
    107. WBS dictionary
    108. Fallback plan
28. Risk mitigation involves—
    109. Using performance and payment bonds
    110. Eliminating a specific threat by eliminating the cause
    111. Avoiding the schedule risk inherent in the project
    112. Reducing the probability and/or impact of an adverse risk event to an acceptable threshold
29. On a typical project, when are risks highest and impacts (amount at stake) lowest?
    113. During the concept phase
    114. At or near completion of the project
    115. During the implementation phase
    116. When the project manager is replaced
30. Two key inputs to the perform quantitative risk analysis process are the—
    117. WBS and milestone list
    118. Scope management plan and process improvement plan
    119. Schedule management plan and cost management plan
    120. Procurement management plan and quality baseline
31. The highest risk impact generally occurs during which one of the following project life-cycle phases?
    121. Concept and planning
    122. Planning and implementation
    123. Implementation and closeout
    124. Concept and closeout
32. Which one of the following statements best characterizes an activity cost or duration estimate developed with a limited amount of information?
    125. It should be part of the planning for the needed management reserve.
    126. It is an input to identify risks.
    127. It is an output from identify risks.
    128. It must be factored into the list of prioritized project risks.
33. What is the primary difference between a risk audit and a risk reassessment?
    129. A risk reassessment is conducted at the completion of a major phase; audits are conducted after the project is complete.
    130. Project stakeholders conduct risk audits; management conducts reassessments.
    131. Risk reassessments are regularly scheduled; risk audits are performed as defined in the project’s risk management plan.
    132. There is no difference; they are virtually the same.
34. Accurate and unbiased data are essential for perform qualitative risk analysis. Which one of the following should you use to examine the extent of understanding of project risk?
    133. Data quality assessment
    134. Project assumptions testing
    135. Sensitivity analysis
    136. Influence diagrams
35. Assigning more talented resources to the project to reduce time to completion or to provide better quality than originally planned are examples of which one of the following strategies?
    137. Enhance
    138. Exploit
    139. Share
    140. Contingent response
36. Which of the following is NOT an objective of a risk audit?
    141. Confirming that risk management has been practiced throughout the project life cycle
    142. Confirming that the project is well managed and that the risks are being controlled
    143. Evaluating the effectiveness of risk responses in dealing with identified risks
    144. Ensuring that each risk identified and deemed critical has a computed expected value
37. Contingency planning involves—
    145. Defining the steps to be taken if an identified risk event should occur
    146. Establishing a management reserve to cover unplanned expenditures
    147. Preparing a stand-alone document that is separate from the overall project plan
    148. Determining needed adjustments to make during the implementation phase of a project
38. Assume that you are working on a new product for your firm. Your CEO learned that a competitor was about to launch a new product that has similar features to those of your project. The competitor plans to launch the product on September 1. It is now March 1. Your schedule called for you to launch your product on December 1. Your CEO now has now mandated that you fast track your project so you can launch your product on August 1. This fast track schedule is an example of an—
    149. Unknown risk
    150. A risk taken to achieve a reward
    151. A response that requires sharing the risk
    152. A passive avoidance strategy
39. As head of the project management office, you need to focus on those items where risk responses can lead to better project outcomes. One way to help you make these decisions is to—
    153. Use a probability and impact matrix
    154. Assess trends in perform quantitative risk analysis results
    155. Prioritize risks and conditions
    156. Assess trends in perform qualitative risk analysis results
40. You are the project manager for the construction of an incinerator to burn refuse. Local residents and environmental groups are opposed to this project. Management agrees to move this project to a different location. This is an example of which one of the following risk responses?
    157. Passive acceptance
    158. Active acceptance
    159. Mitigation
    160. Avoidance

Answer Sheet

1.	a	b	c	d
2.	a	b	c	d
3.	a	b	c	d
4.	a	b	c	d
5.	a	b	c	d
6.	a	b	c	d
7.	a	b	c	d
8.	a	b	c	d
9.	a	b	c	d
10.	a	b	c	d
11.	a	b	c	d
12.	a	b	c	d
13.	a	b	c	d
14.	a	b	c	d
15.	a	b	c	d
16.	a	b	c	d
17.	a	b	c	d
18.	a	b	c	d
19.	a	b	c	d
20.	a	b	c	d

21.	a	b	c	d
22.	a	b	c	d
23.	a	b	c	d
24.	a	b	c	d
25.	a	b	c	d
26.	a	b	c	d
27.	a	b	c	d
28.	a	b	c	d
29.	a	b	c	d
30.	a	b	c	d
31.	a	b	c	d
32.	a	b	c	d
33.	a	b	c	d
34.	a	b	c	d
35.	a	b	c	d
36.	a	b	c	d
37.	a	b	c	d
38.	a	b	c	d
39.	a	b	c	d
40.	a	b	c	d

Answer Key

1. b. $44,000

$\begin{array}{l}EM{V}_{\text{Toyota}}=\left(\text{\$50,000}\times \text{90\%}\right)+\left(–\text{\$10,000}\times \text{10\%}\right)\\ =\text{\$45,000}+\left(–\text{\$1,000}\right)\\ =\text{\$44,000}\end{array}$

[Planning]

PMI®, PMBOK® Guide, 2013, 339

1. c. Accept

   Risk exists on every project, and it is unrealistic to think it can be eliminated completely. There are certain risks that simply must be accepted because we cannot control whether or not they will occur (for example, an earthquake). Acceptance is a strategy for dealing with risk that can be used for both threats and opportunities. [Planning]

PMI®, PMBOK® Guide, 2013, 345–346

1. c. Perform qualitative risk analysis

   Risks that may happen in the near-term need urgent attention. The purpose of the risk urgency assessment is to identify those risks that have a high likelihood of happening sooner rather than later. It is combined with the risk ranking to give a final risk severity ranking [Planning]

PMI®, PMBOK® Guide, 2013, 333

1. b. There is uncertainty in all projects

   Every project has uncertainty associated with it because a project by its definition is a temporary endeavor undertaken to create a unique product, service, or result. Risks may be known or unknown. [Planning]

PMI®, PMBOK® Guide, 2013, 3 and 310

1. c. RBS

   The risk breakdown structure (RBS) helps to provide framework for ensuring a comprehensive process of systematically identified risks. It is a hierarchically organized depiction of the identified risks by risk categories. [Planning]

PMI®, PMBOK® Guide, 2013, 317, 332

1. d. Brainstorming

   Brainstorming is a frequently used information-gathering technique for identifying risk, because it enables the project team to develop a list of potential risks relatively quickly. Project team members, or invited experts, participate in the session. Risks are easily categorized for follow-on analysis. [Planning]

PMI®, PMBOK® Guide, 2013, 324

1. c. Reduce bias in the analysis and keep any one person from having undue influence on the outcome

   The Delphi technique provides a means for arriving at a consensus using a panel of experts to determine a solution to a specific problem. Project risk experts are identified but participate anonymously. Each panelist answers a questionnaire. Then the responses, along with opinions and justifications, are evaluated, and statistical feedback is given to each panel member. The process continues until group responses converge toward a solution. [Planning]

PMI®, PMBOK® Guide, 2013, 324

Wideman 1992, C-2 and C-3

1. a. An unplanned response to a negative risk event

   Used in control risks, a workaround is a response to a threat that has occurred for which a prior response had not been planned or was not effective. [Monitoring and Controlling]

PMI®, PMBOK® Guide, 2013, 567

1. d. Monte Carlo analysis

   Simulations are typically performed using Monte Carlo in which a project model is computed many times with the input values chosen at random for each iteration from the probability distribution of these variables. Monte Carlo analysis supports various statistical distributions (normal, triangular, beta, uniform, etc.) used in estimating budgets, schedules, and resource allocations. [Planning]

Frame 2002, 89

PMI®, PMBOK® Guide, 2013, 340

1. b. 13 percent

$\begin{array}{l}\text{Probability (starting activity 4 on day 6) = (0}{\text{.5)}}^{\text{3}}\\ \text{= 0}\text{.125 or 13\%}\end{array}$ [Planning]

PMI®, PMBOK® Guide, 2013, 331

1. c. Schedule network diagram and duration estimates

   When determining the likelihood of meeting the project’s schedule end date through Monte Carlo, the schedule network diagram and duration estimate are used as inputs to the simulation program. Cost risk, on the other hand, uses cost estimates from the WBS. [Planning]

PMI®, PMBOK® Guide, 2013, 340

1. a. Use a beta or triangular probability distribution

   Interviews often are used to help quantify the probability and consequences of risks on project objectives. The type of information collected during the interview depends on the type of probability distribution that is used. A beta or triangular distribution is used widely when information is gathered on the optimistic (low), pessimistic (high), and most likely scenarios. [Planning]

PMI®, PMBOK® Guide, 2013, 336–337

1. c. Accepts the consequences of the risk event should it occur

   Accepting the consequences of the risk event is categorized as risk acceptance. With this risk response approach, the project team takes no action to reduce the probability of the risk’s occurring. [Planning]

PMI®, PMBOK® Guide, 2013, 344–345

1. d. 56 percent

   The likelihood is determined by multiplying the probability of event 1 by the probability of event 2. [Planning]

PMI®, PMBOK® Guide, 2013, 331–332

Wideman 1992, IV-7

1. a. Identifies project assumptions

   Project assumptions, which should be enumerated in the project scope statement, are areas of uncertainty, and as such are potential causes of project risk. The scope statement and the WBS are part of the scope baseline, an input to identify risks. [Planning]

PMI®, PMBOK® Guide, 2013, 322

1. c. Watch list

   Even low-priority risks must be monitored. A watch list is used to ensure such risks are tracked for continued monitoring. [Planning]

PMI®, PMBOK® Guide, 2013, 347

1. d. Any risks that cannot be known before they occur

   There is a category of risks that is sometimes called unknown-unknowns, meaning that the risk is not knowable and, therefore, the probability of the risk is also not knowable. Your lead technical advisor becoming seriously ill, your offices being ransacked by persons engaged in industrial espionage, or one of your subcontractors winning the lottery and running off to the Cayman Islands are all examples of risks that are not known before they occur. However, such risks must be expected and a general contingency can be set aside to address the impact they leave in their wake. [Monitoring and Controlling]

PMI®, PMBOK® Guide, 2013, 310, 346, 348, and 533

Pritchard 2005, 183–188

1. b. Sensitivity analysis

   Sensitivity analysis, as a quantitative risk analysis and modeling technique, helps to determine the risks that have the most potential impact on the project. It examines the extent to which the uncertainty of each project element affects the objective being examined when all other uncertain elements are held at their baseline values. [Planning]

PMI®, PMBOK® Guide, 2013, 338

Wideman 1992, C-1 and C-2

1. d. $900,000

   EMV = ($2M × 60%) + (–$1.5M × 20%) =

   ($1.2M) + (–$300,000) = $900,000

   [Planning]

Frame 2002, 192

PMI®, PMBOK® Guide, 2013, 339

1. c. Active acceptance

   Active acceptance means not only accepting the consequences of a risk, but also establishing a plan for dealing with the risk, should it occur. Organizations typically establish a contingency plan funded by a contingency reserve (of time, money, or resources) to handle known, or even sometimes potential unknown, threats or opportunities. [Planning]

PMI®, PMBOK® Guide, 2013, 345

1. d. Forecast potential deviation of the project at completion from cost and schedule targets

   Earned value is used for monitoring overall project performance against a baseline plan. It is a part of variance analysis, a tool and technique in control risks. [Monitoring and Controlling]

PMI®, PMBOK® Guide, 2013, 352

1. b. Assign a relative value to the impact on project objectives if the risk in question occurs

   You can develop relative or numeric, well-defined scales using agreed-upon definitions by the stakeholders. When using a numeric scale, each level of impact has a specific number assigned to it. [Planning]

PMI®, PMBOK® Guide, 2013, 331–332

1. b. Product of the probability and impact of the risk

   The risk score provides a convenient way to compare risks because comparing impacts or probabilities alone is meaningless. It helps guide risk responses. [Planning]

PMI®, PMBOK® Guide, 2013, 332

1. c. Performing the contingency plan

   Corrective action in risk management is the process of making changes to bring expected performance in line with the risk management plan. Such action consists of performing either the planned risk response, such as implementing contingency plans, or a workaround. [Monitoring and Controlling]

PMI®, PMBOK® Guide, 2013, 353

1. b. Forces consideration of the probability of each outcome

   As a graphical way to bring together information, decision-tree analysis quantifies the likelihood of failure and places a value on each decision. Usually applied to cost and time considerations, this form of risk analysis may be linked to a sensitivity analysis. [Planning]

PMI®, PMBOK® Guide, 2013, 339

Wideman 1992, C-2 and C-3

1. b. Potential risk response

   The risk register is prepared first in the identify risks process. It contains a list of identified risks in as much detail as possible and a list of potential responses when they are identifiable at this time. [Planning]

PMI®, PMBOK® Guide, 2013, 327

1. b. Checklists for identify risks

   Checklists are a tool and a technique of the identify risks process and include risks encountered on similar, previous projects identified through the lessons learned process and from other sources. The project team should review the checklist as part of the identify risks process as well as during closeout. The team should add to the list as necessary, based on its experience, to help others in the future. [Planning]

PMI®, PMBOK® Guide, 2013, 325

1. d. Reducing the probability and/or impact of an adverse risk event to an acceptable threshold

   It is often more effective to take early action to reduce probability and/or impact of a risk occurring on a project than attempting to repair the damage after the risk has occurred. [Planning]

PMI®, PMBOK® Guide, 2013, 345

1. a. During the concept phase

   Risks are highest at the beginning of a project because the project faces an uncertain future, and impacts are lowest at this time because investments in human and material resources are minimal. [Planning]

Frame 2002, 80; PMI®, PMBOK® Guide, 2013, 40

Wideman 1992, II-1–II-5

1. c. Schedule management plan and cost management plan

   The cost and schedule of a project are two areas significantly affected by risk occurrences. Information on these two areas, because of their quantitative nature, provides excellent input to the perform quantification risk process to help determine overall impact and to provide guidelines as managing risk reserves. [Planning]

PMI®, PMBOK® Guide, 2013, 335

1. c. Implementation and closeout

   Opportunity and risk generally remain high during the concept and planning phases. However, the amount at stake remains low because of the relatively low level of investment up to that point. During project implementation and closeout, however, risk falls to lower levels as remaining unknowns are translated into knowns. At the same time, the amount at stake rises steadily as the necessary resources are invested to complete the project. [Planning]

PMI®, PMBOK® Guide, 2013, 40; Wideman 1992, II-5–II-6

1. b. It is an input to identify risks.

   Much of the output from planning in other knowledge areas, such as activity cost and duration estimates, may entail risk and is reviewed during the identify risks process. This process requires an understanding of the schedule, cost, and quality management plans found in the project management plan. Estimates that are aggressive or developed with a limited amount of information are even more likely to entail risk and, therefore, must also be an input to the identify risks process. [Planning]

PMI®, PMBOK® Guide, 2013, 321–322

1. c. Risk reassessments are regularly scheduled; risk audits are performed as defined in the project’s risk management plan.

   Risk reassessment is an ongoing activity by the project team. Risks should be discussed at every status meeting. Risk audits are performed during the project life cycle to examine and document the effectiveness of risk responses. They are conducted at appropriate frequencies as defined in the risk management plan. [Monitoring and Controlling]

PMI®, PMBOK® Guide, 2013, 351

1. a. Data quality assessment

   Perform qualitative risk analysis requires accurate and unbiased data. The use of low-quality data may result in a qualitative risk analysis that is of little use to the project manager regarding understanding of the risk, data available about the risk, data quality, and data reliability and integrity. [Planning]

PMI®, PMBOK® Guide, 2013, 332

1. b. Exploit

   Although it might have a negative connotation, exploitation is a strategy used for risks with positive impacts where the organization wants to ensure that the opportunity is realized. [Planning]

PMI®, PMBOK® Guide, 2013, 345

1. d. Ensuring that each risk identified and deemed critical has a computed expected value

   It is not feasible or necessary to quantify every risk. Therefore, a risk audit should never have as an objective to ensure that each project risk has a computed expected value. [Monitoring and Controlling]

PMI®, PMBOK® Guide, 2013, 351

1. a. Defining the steps to be taken if an identified risk event should occur

   For some risks it is appropriate for the project team to make a response plan that will be executed only under certain predefined conditions if it is believed that there will be sufficient warning to implement the plan. [Planning]

PMI®, PMBOK® Guide, 2013, 346

1. b. A risk taken to achieve a reward

   Project risk has its origin in the uncertainty that is present in all projects. Organizations and stakeholders are willing to accept varying degrees of risk, and risks that are threats to the project may be accepted if the risks are within tolerances and are in balance with the rewards to be gained. This example of adopting a fast-track schedule is a risk taken to achieve the reward created by the earlier completion date. [Planning]

PMI®, PMBOK® Guide, 2013, 345

1. a. Use a probability and impact matrix

   The probability and impact matrix can be used to classify risks according to their level of impact and to prioritize them for future quantitative analyses and responses based on their rating. Typically these risk rating rules are specified by the organization in advance of the project. The matrix specifies combinations of probability and impact that lead to rating the risks as low, moderate, or high priority. [Planning]

PMI®, PMBOK® Guide, 2013, 331–332

1. d. Avoidance

   Risk avoidance involves changing the project management plan to eliminate the threat entirely. [Planning]

PMI®, PMBOK® Guide, 2013, 344